becc8e9d65c08215693663d6e077f992b2a9b14c54409e43c90cfd9a72549e65

Analysis

max time kernel
41s
max time network
52s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 09:57

Target

becc8e9d65c08215693663d6e077f992b2a9b14c54409e43c90cfd9a72549e65.exe
Size

525KB
MD5

ee48926e10bc65acd7c9e06c0878637e
SHA1

1a6a2a908291474688048f87d34777d2a6cf433b
SHA256

becc8e9d65c08215693663d6e077f992b2a9b14c54409e43c90cfd9a72549e65
SHA512

9ce8e5905675ad9123faa09187374db9e35577b270ba5b367d8b5df71993bfafba8213a59db1451afbbdfc42195a0139da0e22e0f60c0e65b603b017a10c59f9
SSDEEP

6144:62Z9hs5MMYVQUTQDAt7FHXs+HmRS3HdWq54C1A6gaaePQuCJV5NhloBI0EUIP66W:62ZPWU1RF3gSXdWa445/A+6S0T

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1104	1948	becc8e9d65c08215693663d6e077f992b2a9b14c54409e43c90cfd9a72549e65.exe	28
PID 1948 wrote to memory of 1104	1948	becc8e9d65c08215693663d6e077f992b2a9b14c54409e43c90cfd9a72549e65.exe	28
PID 1948 wrote to memory of 1104	1948	becc8e9d65c08215693663d6e077f992b2a9b14c54409e43c90cfd9a72549e65.exe	28
PID 1948 wrote to memory of 1104	1948	becc8e9d65c08215693663d6e077f992b2a9b14c54409e43c90cfd9a72549e65.exe	28
PID 1948 wrote to memory of 972	1948	becc8e9d65c08215693663d6e077f992b2a9b14c54409e43c90cfd9a72549e65.exe	29
PID 1948 wrote to memory of 972	1948	becc8e9d65c08215693663d6e077f992b2a9b14c54409e43c90cfd9a72549e65.exe	29
PID 1948 wrote to memory of 972	1948	becc8e9d65c08215693663d6e077f992b2a9b14c54409e43c90cfd9a72549e65.exe	29
PID 1948 wrote to memory of 972	1948	becc8e9d65c08215693663d6e077f992b2a9b14c54409e43c90cfd9a72549e65.exe	29

C:\Users\Admin\AppData\Local\Temp\becc8e9d65c08215693663d6e077f992b2a9b14c54409e43c90cfd9a72549e65.exe
"C:\Users\Admin\AppData\Local\Temp\becc8e9d65c08215693663d6e077f992b2a9b14c54409e43c90cfd9a72549e65.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Users\Admin\AppData\Local\Temp\becc8e9d65c08215693663d6e077f992b2a9b14c54409e43c90cfd9a72549e65.exe
  start
  2⤵
  PID:1104
- C:\Users\Admin\AppData\Local\Temp\becc8e9d65c08215693663d6e077f992b2a9b14c54409e43c90cfd9a72549e65.exe
  watch
  2⤵
  PID:972

memory/972-61-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/972-63-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/972-65-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/1104-60-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/1104-62-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/1104-64-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/1948-54-0x0000000074D81000-0x0000000074D83000-memory.dmp

Filesize
8KB

Download
memory/1948-58-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download