79c4974b71722e4828a7dc30f10cd51a2c6116e9ea5564d7e4e297728b97cf46

Analysis

max time kernel
184s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 03:01

Target

79c4974b71722e4828a7dc30f10cd51a2c6116e9ea5564d7e4e297728b97cf46.exe
Size

56KB
MD5

40d59848a0ce25dea83f9268df0423ab
SHA1

00ea14a410e3752319275d884a062ec9fe5e20ce
SHA256

79c4974b71722e4828a7dc30f10cd51a2c6116e9ea5564d7e4e297728b97cf46
SHA512

d1cd815a7d91e4c7c12b02fe491c5302f569bff087c50299ef7da534549655f10ce7df59beedcfcbb9c5044c095a8c73fe258daba9548d08791e861f893719a3
SSDEEP

768:O7nfdOccyRHPgiCqT8ifnWL/aoWlRILExnfnvX9Ndl70aHPFCgTenuVMMs:WnfwctvtCqT8ivy/zLmvH0avVTskg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 1536	4108	79c4974b71722e4828a7dc30f10cd51a2c6116e9ea5564d7e4e297728b97cf46.exe	83
PID 4108 wrote to memory of 1536	4108	79c4974b71722e4828a7dc30f10cd51a2c6116e9ea5564d7e4e297728b97cf46.exe	83
PID 4108 wrote to memory of 1536	4108	79c4974b71722e4828a7dc30f10cd51a2c6116e9ea5564d7e4e297728b97cf46.exe	83

C:\Users\Admin\AppData\Local\Temp\79c4974b71722e4828a7dc30f10cd51a2c6116e9ea5564d7e4e297728b97cf46.exe
"C:\Users\Admin\AppData\Local\Temp\79c4974b71722e4828a7dc30f10cd51a2c6116e9ea5564d7e4e297728b97cf46.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Users\Admin\AppData\Local\Temp\79c4974b71722e4828a7dc30f10cd51a2c6116e9ea5564d7e4e297728b97cf46.exe
  C:\Users\Admin\AppData\Local\Temp\79c4974b71722e482" 48
  2⤵
  PID:1536

memory/1536-132-0x0000000000000000-mapping.dmp

Download
memory/1536-133-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download