4c6373d72abd92972185ff07a2feacafeaad904cdece81466b810afc080aca73

Analysis

max time kernel
5s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 23:54

Target

4c6373d72abd92972185ff07a2feacafeaad904cdece81466b810afc080aca73.exe
Size

1.1MB
MD5

70f6a5e94dfb6af2184cdcc648e01797
SHA1

29c2189059a75f273213e278351009c4a6b8eaf8
SHA256

4c6373d72abd92972185ff07a2feacafeaad904cdece81466b810afc080aca73
SHA512

ab3190095de74c5baae1cb1955c913553c39cb8f3431a9bbe0b16353f99945f56a351957ce32c07d50ac8a9b7dfa99a5507d09c40ec6149b6a559406d28c966c
SSDEEP

24576:ylnjI9LmIUu6TVaML+TKWmA7xvRVFTAN8xNdoi+wNv7fgQC7/6J5fDO:ylY613cTm8xsi+w17fgQS/GNDO

Score

1^/10

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 1812	1260	4c6373d72abd92972185ff07a2feacafeaad904cdece81466b810afc080aca73.exe	28
PID 1260 wrote to memory of 1812	1260	4c6373d72abd92972185ff07a2feacafeaad904cdece81466b810afc080aca73.exe	28
PID 1260 wrote to memory of 1812	1260	4c6373d72abd92972185ff07a2feacafeaad904cdece81466b810afc080aca73.exe	28
PID 1260 wrote to memory of 1812	1260	4c6373d72abd92972185ff07a2feacafeaad904cdece81466b810afc080aca73.exe	28
PID 1260 wrote to memory of 1812	1260	4c6373d72abd92972185ff07a2feacafeaad904cdece81466b810afc080aca73.exe	28
PID 1260 wrote to memory of 1812	1260	4c6373d72abd92972185ff07a2feacafeaad904cdece81466b810afc080aca73.exe	28
PID 1260 wrote to memory of 1812	1260	4c6373d72abd92972185ff07a2feacafeaad904cdece81466b810afc080aca73.exe	28
PID 1812 wrote to memory of 1712	1812	Net.exe	30
PID 1812 wrote to memory of 1712	1812	Net.exe	30
PID 1812 wrote to memory of 1712	1812	Net.exe	30
PID 1812 wrote to memory of 1712	1812	Net.exe	30
PID 1812 wrote to memory of 1712	1812	Net.exe	30
PID 1812 wrote to memory of 1712	1812	Net.exe	30
PID 1812 wrote to memory of 1712	1812	Net.exe	30

C:\Users\Admin\AppData\Local\Temp\4c6373d72abd92972185ff07a2feacafeaad904cdece81466b810afc080aca73.exe
"C:\Users\Admin\AppData\Local\Temp\4c6373d72abd92972185ff07a2feacafeaad904cdece81466b810afc080aca73.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Windows\SysWOW64\Net.exe
  Net Stop PcaSvc
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1812
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 Stop PcaSvc
    3⤵
    PID:1712

memory/1260-54-0x0000000075C41000-0x0000000075C43000-memory.dmp

Filesize
8KB

Download