d81aefacb7d062fa2ed62fac17ba2cd97ed47d493b775ca7afdea52cafcf09f2

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 12:09

Target

d81aefacb7d062fa2ed62fac17ba2cd97ed47d493b775ca7afdea52cafcf09f2.exe
Size

510KB
MD5

b59630fa1fa576256ae42d9eebffda95
SHA1

2496ece481ebfcf39d869d6f36fb4029de9fa6de
SHA256

d81aefacb7d062fa2ed62fac17ba2cd97ed47d493b775ca7afdea52cafcf09f2
SHA512

960adaf423003e31acf1910dcde89e647b0bad63914f930385375dce50b0445b28dba77567bf6ebeaf27cb7fe5c9f784eb94cd94739c2510b0337a9fc7554384
SSDEEP

6144:q35HxqlC0hYobbbrbmXMFweAuclmKWhQ0en7459B4Cik3LyXNKHHxKBtkciwwwx+:oHE9qobPQet5eM59rOSx6Ywww4k9B2l

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2996	2672	d81aefacb7d062fa2ed62fac17ba2cd97ed47d493b775ca7afdea52cafcf09f2.exe	78
PID 2672 wrote to memory of 2996	2672	d81aefacb7d062fa2ed62fac17ba2cd97ed47d493b775ca7afdea52cafcf09f2.exe	78
PID 2672 wrote to memory of 2996	2672	d81aefacb7d062fa2ed62fac17ba2cd97ed47d493b775ca7afdea52cafcf09f2.exe	78
PID 2672 wrote to memory of 4676	2672	d81aefacb7d062fa2ed62fac17ba2cd97ed47d493b775ca7afdea52cafcf09f2.exe	79
PID 2672 wrote to memory of 4676	2672	d81aefacb7d062fa2ed62fac17ba2cd97ed47d493b775ca7afdea52cafcf09f2.exe	79
PID 2672 wrote to memory of 4676	2672	d81aefacb7d062fa2ed62fac17ba2cd97ed47d493b775ca7afdea52cafcf09f2.exe	79

C:\Users\Admin\AppData\Local\Temp\d81aefacb7d062fa2ed62fac17ba2cd97ed47d493b775ca7afdea52cafcf09f2.exe
"C:\Users\Admin\AppData\Local\Temp\d81aefacb7d062fa2ed62fac17ba2cd97ed47d493b775ca7afdea52cafcf09f2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Users\Admin\AppData\Local\Temp\d81aefacb7d062fa2ed62fac17ba2cd97ed47d493b775ca7afdea52cafcf09f2.exe
  start
  2⤵
  PID:2996
- C:\Users\Admin\AppData\Local\Temp\d81aefacb7d062fa2ed62fac17ba2cd97ed47d493b775ca7afdea52cafcf09f2.exe
  watch
  2⤵
  PID:4676

memory/2672-134-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/2996-132-0x0000000000000000-mapping.dmp

Download
memory/2996-136-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/2996-137-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/4676-133-0x0000000000000000-mapping.dmp

Download
memory/4676-135-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/4676-138-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download