6a122a7d0a99b5c790ddd811ffc6544ce34b68c9e2f9b9ad1aa1c6747cc382b9

Analysis

max time kernel
123s
max time network
147s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 23:08

Target

6a122a7d0a99b5c790ddd811ffc6544ce34b68c9e2f9b9ad1aa1c6747cc382b9.exe
Size

223KB
MD5

527a3dff9f4616be44457a0deb604d7b
SHA1

71437c9e063ba6f2b2676595156d6e2325ad11a6
SHA256

6a122a7d0a99b5c790ddd811ffc6544ce34b68c9e2f9b9ad1aa1c6747cc382b9
SHA512

4d7d5bb549658def7ae68cea9203594940aa5c9241bb341420dfef1baaaa72314397ccf6423a006f5831755bc12889f2c55307cd376938856727f67bf6c1d25e
SSDEEP

3072:mFupBhdA9HFh4lsQhGVQni0cA1+Yif5cDUTnoJhRmQ3f22CyO7x/X1Yr+bIE2RyQ:msn/Az4qpQcgsf5oUTCn5O7F1g

Score

8^/10

Blocklisted process makes network request 3 IoCs

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
1652	6a122a7d0a99b5c790ddd811ffc6544ce34b68c9e2f9b9ad1aa1c6747cc382b9.exe
1652	6a122a7d0a99b5c790ddd811ffc6544ce34b68c9e2f9b9ad1aa1c6747cc382b9.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 604	1652	6a122a7d0a99b5c790ddd811ffc6544ce34b68c9e2f9b9ad1aa1c6747cc382b9.exe	28
PID 1652 wrote to memory of 604	1652	6a122a7d0a99b5c790ddd811ffc6544ce34b68c9e2f9b9ad1aa1c6747cc382b9.exe	28
PID 1652 wrote to memory of 604	1652	6a122a7d0a99b5c790ddd811ffc6544ce34b68c9e2f9b9ad1aa1c6747cc382b9.exe	28
PID 1652 wrote to memory of 604	1652	6a122a7d0a99b5c790ddd811ffc6544ce34b68c9e2f9b9ad1aa1c6747cc382b9.exe	28
PID 1652 wrote to memory of 604	1652	6a122a7d0a99b5c790ddd811ffc6544ce34b68c9e2f9b9ad1aa1c6747cc382b9.exe	28
PID 1652 wrote to memory of 604	1652	6a122a7d0a99b5c790ddd811ffc6544ce34b68c9e2f9b9ad1aa1c6747cc382b9.exe	28
PID 1652 wrote to memory of 604	1652	6a122a7d0a99b5c790ddd811ffc6544ce34b68c9e2f9b9ad1aa1c6747cc382b9.exe	28

C:\Users\Admin\AppData\Local\Temp\6a122a7d0a99b5c790ddd811ffc6544ce34b68c9e2f9b9ad1aa1c6747cc382b9.exe
"C:\Users\Admin\AppData\Local\Temp\6a122a7d0a99b5c790ddd811ffc6544ce34b68c9e2f9b9ad1aa1c6747cc382b9.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\SysWOW64\msiexec.exe
  C:\Windows\SysWOW64\msiexec.exe
  2⤵
  - Blocklisted process makes network request
  PID:604

memory/604-55-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

Filesize
8KB

Download
memory/604-56-0x0000000000C50000-0x0000000000C64000-memory.dmp

Filesize
80KB

Download
memory/604-57-0x0000000000140000-0x000000000017B000-memory.dmp

Filesize
236KB

Download
memory/604-58-0x0000000000140000-0x000000000017B000-memory.dmp

Filesize
236KB

Download