6fa352d363aa440aa9f54d12da06e2f696b96364dcd79ba1567c53da16765fc2

Analysis

max time kernel
243s
max time network
334s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 03:43

Target

6fa352d363aa440aa9f54d12da06e2f696b96364dcd79ba1567c53da16765fc2.exe
Size

56KB
MD5

5674b3d033655ed379c36dca573ad622
SHA1

ad2992f8a763332f34b3f83432457ed4dda302df
SHA256

6fa352d363aa440aa9f54d12da06e2f696b96364dcd79ba1567c53da16765fc2
SHA512

eeca91bd59431fe73431cfa0cedbbb3f4b36fe5b88053a1706cc87b808790fd1bc3076d124c81414210de4be08c94823862697963eb03d0b01c4db36e8f2c5e5
SSDEEP

1536:8zA7tCqj8Nv0TFLCEhb2vud/+3YA9Wq4oEzIyavVTskg:8wtCFsk6b2Wd/+IOD4Oy8W

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 524 wrote to memory of 1344	524	6fa352d363aa440aa9f54d12da06e2f696b96364dcd79ba1567c53da16765fc2.exe	28
PID 524 wrote to memory of 1344	524	6fa352d363aa440aa9f54d12da06e2f696b96364dcd79ba1567c53da16765fc2.exe	28
PID 524 wrote to memory of 1344	524	6fa352d363aa440aa9f54d12da06e2f696b96364dcd79ba1567c53da16765fc2.exe	28
PID 524 wrote to memory of 1344	524	6fa352d363aa440aa9f54d12da06e2f696b96364dcd79ba1567c53da16765fc2.exe	28

C:\Users\Admin\AppData\Local\Temp\6fa352d363aa440aa9f54d12da06e2f696b96364dcd79ba1567c53da16765fc2.exe
"C:\Users\Admin\AppData\Local\Temp\6fa352d363aa440aa9f54d12da06e2f696b96364dcd79ba1567c53da16765fc2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:524
- C:\Users\Admin\AppData\Local\Temp\6fa352d363aa440aa9f54d12da06e2f696b96364dcd79ba1567c53da16765fc2.exe
  C:\Users\Admin\AppData\Local\Temp\6fa352d363aa440aa" 48
  2⤵
  PID:1344

memory/524-54-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download
memory/1344-57-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download