5c4a3fb7891c953df19648ad89e5f2ee124002aea0b266a5045490bea05da296

Analysis

max time kernel
163s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 08:49

Target

5c4a3fb7891c953df19648ad89e5f2ee124002aea0b266a5045490bea05da296.exe
Size

56KB
MD5

423eeb31baab60439633a2bae5145564
SHA1

9c6c5119200db560377b7601486fe0346e91cf6c
SHA256

5c4a3fb7891c953df19648ad89e5f2ee124002aea0b266a5045490bea05da296
SHA512

9cd160b5c7b83038918cd9ff9468c7546119a137bc1395c535b3cb980534a24926e4d77882f865b6dee8ae56f88f968f3f2bc66843426a79f8f9b27a8f00f7da
SSDEEP

1536:bbEadETCq88Kv0TFLCEhb2vud/+3YA9Wq4oEzIWavVTskg:b1KTCjsk6b2Wd/+IOD4OW8W

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 2200	1920	5c4a3fb7891c953df19648ad89e5f2ee124002aea0b266a5045490bea05da296.exe	80
PID 1920 wrote to memory of 2200	1920	5c4a3fb7891c953df19648ad89e5f2ee124002aea0b266a5045490bea05da296.exe	80
PID 1920 wrote to memory of 2200	1920	5c4a3fb7891c953df19648ad89e5f2ee124002aea0b266a5045490bea05da296.exe	80

C:\Users\Admin\AppData\Local\Temp\5c4a3fb7891c953df19648ad89e5f2ee124002aea0b266a5045490bea05da296.exe
"C:\Users\Admin\AppData\Local\Temp\5c4a3fb7891c953df19648ad89e5f2ee124002aea0b266a5045490bea05da296.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Users\Admin\AppData\Local\Temp\5c4a3fb7891c953df19648ad89e5f2ee124002aea0b266a5045490bea05da296.exe
  C:\Users\Admin\AppData\Local\Temp\5c4a3fb7891c953df" 48
  2⤵
  PID:2200

memory/2200-133-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download