88f33974e55cea3c71e41e5c642579ecc8bfcb30928d76a66684b0ac35d78942

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 06:04

Target

88f33974e55cea3c71e41e5c642579ecc8bfcb30928d76a66684b0ac35d78942.exe
Size

7.7MB
MD5

ee6a05bcc00d13b81e8081e05f1c26e9
SHA1

eda772a11f768635b5188aac7738fd51a2009d4f
SHA256

88f33974e55cea3c71e41e5c642579ecc8bfcb30928d76a66684b0ac35d78942
SHA512

19d4018efc44931237f7eee7caaaa324fc3ba39d5608b14e77bfc69c30f6328de42630bbc0a3044ba2f07047e9948a4990ac59e9d5c6ef39ef756b1634d01d81
SSDEEP

196608:mhAKAZxGEhB3A+GPVTUGSskR3aC9pQ0xFeYUG3/23t:mhMxpArB56R3aqC0xFey3/Qt

Score

1^/10

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 1252	1768	88f33974e55cea3c71e41e5c642579ecc8bfcb30928d76a66684b0ac35d78942.exe	27
PID 1768 wrote to memory of 1252	1768	88f33974e55cea3c71e41e5c642579ecc8bfcb30928d76a66684b0ac35d78942.exe	27
PID 1768 wrote to memory of 1252	1768	88f33974e55cea3c71e41e5c642579ecc8bfcb30928d76a66684b0ac35d78942.exe	27
PID 1768 wrote to memory of 1252	1768	88f33974e55cea3c71e41e5c642579ecc8bfcb30928d76a66684b0ac35d78942.exe	27
PID 1768 wrote to memory of 1252	1768	88f33974e55cea3c71e41e5c642579ecc8bfcb30928d76a66684b0ac35d78942.exe	27
PID 1768 wrote to memory of 1252	1768	88f33974e55cea3c71e41e5c642579ecc8bfcb30928d76a66684b0ac35d78942.exe	27
PID 1768 wrote to memory of 1252	1768	88f33974e55cea3c71e41e5c642579ecc8bfcb30928d76a66684b0ac35d78942.exe	27
PID 1252 wrote to memory of 840	1252	Net.exe	29
PID 1252 wrote to memory of 840	1252	Net.exe	29
PID 1252 wrote to memory of 840	1252	Net.exe	29
PID 1252 wrote to memory of 840	1252	Net.exe	29
PID 1252 wrote to memory of 840	1252	Net.exe	29
PID 1252 wrote to memory of 840	1252	Net.exe	29
PID 1252 wrote to memory of 840	1252	Net.exe	29

C:\Users\Admin\AppData\Local\Temp\88f33974e55cea3c71e41e5c642579ecc8bfcb30928d76a66684b0ac35d78942.exe
"C:\Users\Admin\AppData\Local\Temp\88f33974e55cea3c71e41e5c642579ecc8bfcb30928d76a66684b0ac35d78942.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\Net.exe
  Net Stop PcaSvc
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1252
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 Stop PcaSvc
    3⤵
    PID:840

memory/1768-54-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download