8556f822ce5a019158095f748ae1021ea3d0286bafc3f8b73d07a57c6401dc52

Analysis

max time kernel
137s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 15:36

Target

8556f822ce5a019158095f748ae1021ea3d0286bafc3f8b73d07a57c6401dc52.exe
Size

507KB
MD5

a4c1d4ca18791e384987a656f6093184
SHA1

7a167eb912c19e2447cca992a32d6deca1dcdfdd
SHA256

8556f822ce5a019158095f748ae1021ea3d0286bafc3f8b73d07a57c6401dc52
SHA512

5e43fd9af32b439368cafbd874d3820e2821a5a2370e70227b026871c5d0f12d6b76207ca1657c8c1cb2bba06d91726d87fb2f085feef3054f77211cd68380f1
SSDEEP

6144:O/Gynqb7DpRvGC9q3Sr/RS4BKptRWIXwosmDsOoh3nCzIcN5fcFkJr5zKW:Lyqz7vGy3/R1ctEIgoj0cz4ozKW

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 4768	4696	8556f822ce5a019158095f748ae1021ea3d0286bafc3f8b73d07a57c6401dc52.exe	82
PID 4696 wrote to memory of 4768	4696	8556f822ce5a019158095f748ae1021ea3d0286bafc3f8b73d07a57c6401dc52.exe	82
PID 4696 wrote to memory of 4768	4696	8556f822ce5a019158095f748ae1021ea3d0286bafc3f8b73d07a57c6401dc52.exe	82
PID 4696 wrote to memory of 4764	4696	8556f822ce5a019158095f748ae1021ea3d0286bafc3f8b73d07a57c6401dc52.exe	83
PID 4696 wrote to memory of 4764	4696	8556f822ce5a019158095f748ae1021ea3d0286bafc3f8b73d07a57c6401dc52.exe	83
PID 4696 wrote to memory of 4764	4696	8556f822ce5a019158095f748ae1021ea3d0286bafc3f8b73d07a57c6401dc52.exe	83

C:\Users\Admin\AppData\Local\Temp\8556f822ce5a019158095f748ae1021ea3d0286bafc3f8b73d07a57c6401dc52.exe
"C:\Users\Admin\AppData\Local\Temp\8556f822ce5a019158095f748ae1021ea3d0286bafc3f8b73d07a57c6401dc52.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Users\Admin\AppData\Local\Temp\8556f822ce5a019158095f748ae1021ea3d0286bafc3f8b73d07a57c6401dc52.exe
  start
  2⤵
  PID:4768
- C:\Users\Admin\AppData\Local\Temp\8556f822ce5a019158095f748ae1021ea3d0286bafc3f8b73d07a57c6401dc52.exe
  watch
  2⤵
  PID:4764

memory/4696-132-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/4696-135-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/4764-137-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/4764-138-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/4764-141-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/4768-136-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/4768-139-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/4768-140-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download