6e1ed399208181975e0dbc8727129acdfc6b824f0558d15c3053cfda5894d61d

Analysis

max time kernel
79s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 03:49

Target

6e1ed399208181975e0dbc8727129acdfc6b824f0558d15c3053cfda5894d61d.exe
Size

56KB
MD5

581825d784ea3d6311575d72c4088296
SHA1

6996850c5defc6b903d4be67c2ed690d32496f67
SHA256

6e1ed399208181975e0dbc8727129acdfc6b824f0558d15c3053cfda5894d61d
SHA512

74bfea6c3a1901295d001526238e692474dccaa60c5bd45ffc43bc3878067ce34ff2daca378ab463a7cddcaff5ea699b0d8225734f445fd94d6ee3e241e7c741
SSDEEP

768:L7TvDLsxqniCqj88kHI+PmkdfHkWEhc6HJ3WLuk66ZKaHPFCgTenuVMMs:njDgxqiCqj8yScW96HJ8uk65avVTskg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 2976	2960	6e1ed399208181975e0dbc8727129acdfc6b824f0558d15c3053cfda5894d61d.exe	80
PID 2960 wrote to memory of 2976	2960	6e1ed399208181975e0dbc8727129acdfc6b824f0558d15c3053cfda5894d61d.exe	80
PID 2960 wrote to memory of 2976	2960	6e1ed399208181975e0dbc8727129acdfc6b824f0558d15c3053cfda5894d61d.exe	80

C:\Users\Admin\AppData\Local\Temp\6e1ed399208181975e0dbc8727129acdfc6b824f0558d15c3053cfda5894d61d.exe
"C:\Users\Admin\AppData\Local\Temp\6e1ed399208181975e0dbc8727129acdfc6b824f0558d15c3053cfda5894d61d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Users\Admin\AppData\Local\Temp\6e1ed399208181975e0dbc8727129acdfc6b824f0558d15c3053cfda5894d61d.exe
  C:\Users\Admin\AppData\Local\Temp\6e1ed399208181975" 48
  2⤵
  PID:2976

memory/2976-133-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download