4e1fa552705bd4ad8b961a3d223f8c35dc6506be7747f64b93f0e38ad4e5df72

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 16:06

Target

4e1fa552705bd4ad8b961a3d223f8c35dc6506be7747f64b93f0e38ad4e5df72.exe
Size

46KB
MD5

847ad8064526881ebf193c7be2d0c87f
SHA1

31345b1f3c505a93583cde9238e907b1ffb86284
SHA256

4e1fa552705bd4ad8b961a3d223f8c35dc6506be7747f64b93f0e38ad4e5df72
SHA512

061028610d02fd9a2e66ee1b36ffa0ece3bf7a5865574da92db18ee7ddfaafbd9327866f30874ebafaebbbf0bd89fd405fc1c801108ccd3b6480549f5899ffa3
SSDEEP

768:xDqnmmbkelFfbbU8xqpDc0NAynFhFl16cgGVH8g5ip1W20:B6bb0eyn7J5ip1W1

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 1944	1112	4e1fa552705bd4ad8b961a3d223f8c35dc6506be7747f64b93f0e38ad4e5df72.exe	28
PID 1112 wrote to memory of 1944	1112	4e1fa552705bd4ad8b961a3d223f8c35dc6506be7747f64b93f0e38ad4e5df72.exe	28
PID 1112 wrote to memory of 1944	1112	4e1fa552705bd4ad8b961a3d223f8c35dc6506be7747f64b93f0e38ad4e5df72.exe	28
PID 1112 wrote to memory of 1944	1112	4e1fa552705bd4ad8b961a3d223f8c35dc6506be7747f64b93f0e38ad4e5df72.exe	28

C:\Users\Admin\AppData\Local\Temp\4e1fa552705bd4ad8b961a3d223f8c35dc6506be7747f64b93f0e38ad4e5df72.exe
"C:\Users\Admin\AppData\Local\Temp\4e1fa552705bd4ad8b961a3d223f8c35dc6506be7747f64b93f0e38ad4e5df72.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 424
  2⤵
  PID:1944

memory/1112-54-0x0000000076031000-0x0000000076033000-memory.dmp

Filesize
8KB

Download
memory/1112-55-0x0000000074360000-0x000000007490B000-memory.dmp

Filesize
5.7MB

Download
memory/1112-58-0x0000000074360000-0x000000007490B000-memory.dmp

Filesize
5.7MB

Download