6dbf792374dcd6fbe1a7e5532bb42b8eb512cbe79a0be70a6b126907a34325e0

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 05:58

Target

tarzan_tfile_ru.exe
Size

507KB
MD5

2584b897c79648c0b1c3ab2cdcf5f8c4
SHA1

b785e246c8222a4d6e2eae1d71798d87832e5efe
SHA256

337c660f64b39edd77c741d0d9eedfe2e8a6d1bdbfac71d4bd6650b5c100903f
SHA512

09b039916ae11bf0df6e03b7ca35afccb378afbcdfe00b78903d244c0de35940651a1488a7895592511b3a6d0a873051129b274997e73380f0302dd70ce72078
SSDEEP

12288:Q4CDkcHS2XG7RImuOy0EZjywiLcUaz4eOW:hCvHSI0EkwiLkl7

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 1568	536	tarzan_tfile_ru.exe	27
PID 536 wrote to memory of 1568	536	tarzan_tfile_ru.exe	27
PID 536 wrote to memory of 1568	536	tarzan_tfile_ru.exe	27
PID 536 wrote to memory of 1568	536	tarzan_tfile_ru.exe	27
PID 536 wrote to memory of 1932	536	tarzan_tfile_ru.exe	28
PID 536 wrote to memory of 1932	536	tarzan_tfile_ru.exe	28
PID 536 wrote to memory of 1932	536	tarzan_tfile_ru.exe	28
PID 536 wrote to memory of 1932	536	tarzan_tfile_ru.exe	28

C:\Users\Admin\AppData\Local\Temp\tarzan_tfile_ru.exe
"C:\Users\Admin\AppData\Local\Temp\tarzan_tfile_ru.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:536
- C:\Users\Admin\AppData\Local\Temp\tarzan_tfile_ru.exe
  start
  2⤵
  PID:1568
- C:\Users\Admin\AppData\Local\Temp\tarzan_tfile_ru.exe
  watch
  2⤵
  PID:1932

memory/536-54-0x0000000076831000-0x0000000076833000-memory.dmp

Filesize
8KB

Download
memory/536-58-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/1568-60-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/1568-63-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/1932-61-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/1932-62-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/1932-64-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download