27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 10:44 UTC

Target

27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e.exe
Size

73KB
MD5

70a618bd04328bbb110d1208962a99e7
SHA1

b25e030bf9f80748201f522e7aff4320d182045e
SHA256

27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e
SHA512

86386aba85fd4037497c23954b447795a86399b121c938dd62ee3b00ad0df2201502c10e6f0240b52168b1c8c3baa0dfd5a332b3cefb1dd95540d23a1220ec64
SSDEEP

768:/0l6fk0Ykrxxrzh904BPk3yeDjzexnQi2/jcpVA3B6UX:Ml6rxrxxrT04u+xnQlwpS3B6g

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 1204	1676	27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e.exe	28
PID 1676 wrote to memory of 1204	1676	27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e.exe	28
PID 1676 wrote to memory of 1204	1676	27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e.exe	28
PID 1676 wrote to memory of 1204	1676	27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e.exe	28

C:\Users\Admin\AppData\Local\Temp\27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e.exe
"C:\Users\Admin\AppData\Local\Temp\27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 412
  2⤵
  PID:1204

memory/1676-54-0x0000000075E31000-0x0000000075E33000-memory.dmp

Filesize
8KB

Download
memory/1676-57-0x0000000074C30000-0x00000000751DB000-memory.dmp

Filesize
5.7MB

Download
memory/1676-58-0x0000000074C30000-0x00000000751DB000-memory.dmp

Filesize
5.7MB

Download