67ac8a7948c19b94a25753a74aca75651fe9bd8fa17361efc558e2688de232ee

Analysis

max time kernel
14s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 03:46

Target

67ac8a7948c19b94a25753a74aca75651fe9bd8fa17361efc558e2688de232ee.exe
Size

138KB
MD5

8bf926f4d4c359b74391dd58d26d769f
SHA1

5123b5f95073cf3d32b66dd850f17ea9d707b725
SHA256

67ac8a7948c19b94a25753a74aca75651fe9bd8fa17361efc558e2688de232ee
SHA512

ae7dbf1ea7decdff9a1f1d5a3be968c5ab6e0290149f5232c3b06654dada129e8543e81649ea5c7bb86254c81310838589c306848e6a5d81e396de9cb9f2727f
SSDEEP

3072:V9kx7xWEd5JPjgfPUH0/UVTgSDZ5TCQ3lH9P6bef:V9kx7MEd7g0H0/UZgSd5TBVH9Sbe

Score

1^/10

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 1316	1748	67ac8a7948c19b94a25753a74aca75651fe9bd8fa17361efc558e2688de232ee.exe	28
PID 1748 wrote to memory of 1316	1748	67ac8a7948c19b94a25753a74aca75651fe9bd8fa17361efc558e2688de232ee.exe	28
PID 1748 wrote to memory of 1316	1748	67ac8a7948c19b94a25753a74aca75651fe9bd8fa17361efc558e2688de232ee.exe	28
PID 1748 wrote to memory of 1316	1748	67ac8a7948c19b94a25753a74aca75651fe9bd8fa17361efc558e2688de232ee.exe	28
PID 1316 wrote to memory of 564	1316	net.exe	30
PID 1316 wrote to memory of 564	1316	net.exe	30
PID 1316 wrote to memory of 564	1316	net.exe	30
PID 1316 wrote to memory of 564	1316	net.exe	30
PID 1748 wrote to memory of 1924	1748	67ac8a7948c19b94a25753a74aca75651fe9bd8fa17361efc558e2688de232ee.exe	31
PID 1748 wrote to memory of 1924	1748	67ac8a7948c19b94a25753a74aca75651fe9bd8fa17361efc558e2688de232ee.exe	31
PID 1748 wrote to memory of 1924	1748	67ac8a7948c19b94a25753a74aca75651fe9bd8fa17361efc558e2688de232ee.exe	31
PID 1748 wrote to memory of 1924	1748	67ac8a7948c19b94a25753a74aca75651fe9bd8fa17361efc558e2688de232ee.exe	31
PID 1924 wrote to memory of 576	1924	net.exe	33
PID 1924 wrote to memory of 576	1924	net.exe	33
PID 1924 wrote to memory of 576	1924	net.exe	33
PID 1924 wrote to memory of 576	1924	net.exe	33

C:\Users\Admin\AppData\Local\Temp\67ac8a7948c19b94a25753a74aca75651fe9bd8fa17361efc558e2688de232ee.exe
"C:\Users\Admin\AppData\Local\Temp\67ac8a7948c19b94a25753a74aca75651fe9bd8fa17361efc558e2688de232ee.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Windows\SysWOW64\net.exe
  net stop wscsvc
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1316
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop wscsvc
    3⤵
    PID:564
- C:\Windows\SysWOW64\net.exe
  net stop SharedAccess
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1924
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop SharedAccess
    3⤵
    PID:576

memory/564-60-0x0000000000000000-mapping.dmp

Download
memory/576-64-0x0000000000000000-mapping.dmp

Download
memory/1316-59-0x0000000000000000-mapping.dmp

Download
memory/1748-54-0x0000000076381000-0x0000000076383000-memory.dmp

Filesize
8KB

Download
memory/1748-55-0x00000000002B0000-0x00000000002F4000-memory.dmp

Filesize
272KB

Download
memory/1748-56-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1748-57-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1748-58-0x00000000002B0000-0x00000000002F4000-memory.dmp

Filesize
272KB

Download
memory/1748-61-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1748-63-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1924-62-0x0000000000000000-mapping.dmp

Download