b8aa885f824bb8107faaa8577218f3b470be498af0e37399f4a86b3fa433a07b

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
27-11-2022 04:58

Target

ape_x_tfile_ru.exe
Size

532KB
MD5

407f72993ec6b698085707a212fb749c
SHA1

0060f53f393b06e7a734da541fbe0ea28fdf0994
SHA256

a0e78ce5fa2975760998e842ad43e156bac902c1c92797f1a825ae7e666f9d1b
SHA512

ae31c28ade1b9f2bcd1a1d6d8dadcf9fdb548778fe214f5bc2a1d1c912590c93fcf1be4f5a2f9432839212fd3fccd38988eb1c6d521b11b3cc527931342192d8
SSDEEP

12288:H90nAdzdjkxNUjwznYKf9RsOQzLqnsPSG5c+y:62B7wzX9Oz3qnBe+

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 1524	1328	ape_x_tfile_ru.exe	27
PID 1328 wrote to memory of 1524	1328	ape_x_tfile_ru.exe	27
PID 1328 wrote to memory of 1524	1328	ape_x_tfile_ru.exe	27
PID 1328 wrote to memory of 1524	1328	ape_x_tfile_ru.exe	27
PID 1328 wrote to memory of 1560	1328	ape_x_tfile_ru.exe	28
PID 1328 wrote to memory of 1560	1328	ape_x_tfile_ru.exe	28
PID 1328 wrote to memory of 1560	1328	ape_x_tfile_ru.exe	28
PID 1328 wrote to memory of 1560	1328	ape_x_tfile_ru.exe	28

C:\Users\Admin\AppData\Local\Temp\ape_x_tfile_ru.exe
"C:\Users\Admin\AppData\Local\Temp\ape_x_tfile_ru.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Users\Admin\AppData\Local\Temp\ape_x_tfile_ru.exe
  start
  2⤵
  PID:1524
- C:\Users\Admin\AppData\Local\Temp\ape_x_tfile_ru.exe
  watch
  2⤵
  PID:1560

memory/1328-54-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download
memory/1328-59-0x0000000000400000-0x0000000000489000-memory.dmp

Filesize
548KB

Download
memory/1524-55-0x0000000000000000-mapping.dmp

Download
memory/1524-61-0x0000000000400000-0x0000000000489000-memory.dmp

Filesize
548KB

Download
memory/1524-62-0x0000000000400000-0x0000000000489000-memory.dmp

Filesize
548KB

Download
memory/1560-56-0x0000000000000000-mapping.dmp

Download
memory/1560-60-0x0000000000400000-0x0000000000489000-memory.dmp

Filesize
548KB

Download
memory/1560-63-0x0000000000400000-0x0000000000489000-memory.dmp

Filesize
548KB

Download