b94cb01577134858c98a57a01cecabcd6a75ea0ea60daa9a65715b672ee3974e

Analysis

max time kernel
192s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 18:57

Target

b94cb01577134858c98a57a01cecabcd6a75ea0ea60daa9a65715b672ee3974e.exe
Size

519KB
MD5

1edab5328ea8cc30bbfd761434bfe216
SHA1

6ae44db5f548e4d4272cefa06b70a27b53ce22c2
SHA256

b94cb01577134858c98a57a01cecabcd6a75ea0ea60daa9a65715b672ee3974e
SHA512

c34ca9a2485b3f3dee2eb4cc9fb82d50aa5eaea5ffe29a8865fd6677ebf2adfce7693874b610b595e233c008c5f8df64c2531ac5655ec464fd8bab11fd522d8d
SSDEEP

12288:6KARMXzrqhbiikLmzst/ivQtbo5O54YXpHM:bFmuKzq54MVpHM

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4972 wrote to memory of 3468	4972	b94cb01577134858c98a57a01cecabcd6a75ea0ea60daa9a65715b672ee3974e.exe	79
PID 4972 wrote to memory of 3468	4972	b94cb01577134858c98a57a01cecabcd6a75ea0ea60daa9a65715b672ee3974e.exe	79
PID 4972 wrote to memory of 3468	4972	b94cb01577134858c98a57a01cecabcd6a75ea0ea60daa9a65715b672ee3974e.exe	79
PID 4972 wrote to memory of 4632	4972	b94cb01577134858c98a57a01cecabcd6a75ea0ea60daa9a65715b672ee3974e.exe	80
PID 4972 wrote to memory of 4632	4972	b94cb01577134858c98a57a01cecabcd6a75ea0ea60daa9a65715b672ee3974e.exe	80
PID 4972 wrote to memory of 4632	4972	b94cb01577134858c98a57a01cecabcd6a75ea0ea60daa9a65715b672ee3974e.exe	80

C:\Users\Admin\AppData\Local\Temp\b94cb01577134858c98a57a01cecabcd6a75ea0ea60daa9a65715b672ee3974e.exe
"C:\Users\Admin\AppData\Local\Temp\b94cb01577134858c98a57a01cecabcd6a75ea0ea60daa9a65715b672ee3974e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Users\Admin\AppData\Local\Temp\b94cb01577134858c98a57a01cecabcd6a75ea0ea60daa9a65715b672ee3974e.exe
  start
  2⤵
  PID:3468
- C:\Users\Admin\AppData\Local\Temp\b94cb01577134858c98a57a01cecabcd6a75ea0ea60daa9a65715b672ee3974e.exe
  watch
  2⤵
  PID:4632

memory/3468-136-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/3468-138-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/3468-140-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/4632-137-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/4632-139-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/4632-141-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/4972-132-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/4972-135-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download