3126d3ce4ab107f02a308192d267fad10b9ee00fb77cd97d4090ddfff1adbc47

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 09:59

Target

3126d3ce4ab107f02a308192d267fad10b9ee00fb77cd97d4090ddfff1adbc47.exe
Size

2.6MB
MD5

1bbce496d8868f91cb22b831a0780ba7
SHA1

1d5f59585c5d6e842e37747afc1f76c2e9f59418
SHA256

3126d3ce4ab107f02a308192d267fad10b9ee00fb77cd97d4090ddfff1adbc47
SHA512

72df33d524ecabebbb076a3466c5153769c4781a5e61371c80086b9416506cc315101fcdb64e671c47d8202f19bae23309000faac5e58ae36e1db3acc311c6a9
SSDEEP

49152:ylY613sTH8v7a2v/ghy6tCyvHpzxEXNV6lkqfuKhLebwxleLxLYcTrKug0Vj5SV:yl9Hgk6tvvH1m8uSSMbeLxEcPpVjsV

Score

1^/10

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 988	1768	3126d3ce4ab107f02a308192d267fad10b9ee00fb77cd97d4090ddfff1adbc47.exe	27
PID 1768 wrote to memory of 988	1768	3126d3ce4ab107f02a308192d267fad10b9ee00fb77cd97d4090ddfff1adbc47.exe	27
PID 1768 wrote to memory of 988	1768	3126d3ce4ab107f02a308192d267fad10b9ee00fb77cd97d4090ddfff1adbc47.exe	27
PID 1768 wrote to memory of 988	1768	3126d3ce4ab107f02a308192d267fad10b9ee00fb77cd97d4090ddfff1adbc47.exe	27
PID 1768 wrote to memory of 988	1768	3126d3ce4ab107f02a308192d267fad10b9ee00fb77cd97d4090ddfff1adbc47.exe	27
PID 1768 wrote to memory of 988	1768	3126d3ce4ab107f02a308192d267fad10b9ee00fb77cd97d4090ddfff1adbc47.exe	27
PID 1768 wrote to memory of 988	1768	3126d3ce4ab107f02a308192d267fad10b9ee00fb77cd97d4090ddfff1adbc47.exe	27
PID 988 wrote to memory of 1900	988	Net.exe	29
PID 988 wrote to memory of 1900	988	Net.exe	29
PID 988 wrote to memory of 1900	988	Net.exe	29
PID 988 wrote to memory of 1900	988	Net.exe	29
PID 988 wrote to memory of 1900	988	Net.exe	29
PID 988 wrote to memory of 1900	988	Net.exe	29
PID 988 wrote to memory of 1900	988	Net.exe	29

C:\Users\Admin\AppData\Local\Temp\3126d3ce4ab107f02a308192d267fad10b9ee00fb77cd97d4090ddfff1adbc47.exe
"C:\Users\Admin\AppData\Local\Temp\3126d3ce4ab107f02a308192d267fad10b9ee00fb77cd97d4090ddfff1adbc47.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\Net.exe
  Net Stop PcaSvc
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:988
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 Stop PcaSvc
    3⤵
    PID:1900

memory/1768-54-0x0000000076961000-0x0000000076963000-memory.dmp

Filesize
8KB

Download