449b55d2d6732153a4b0dc9c44b3177eea30148102ece977af6028c80c604b04

Analysis

max time kernel
189s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 05:28

Target

449b55d2d6732153a4b0dc9c44b3177eea30148102ece977af6028c80c604b04.exe
Size

56KB
MD5

2c3c5f29a047c4f11dcadc46bac0eb90
SHA1

9f87c928378879b81570481a5168d15b8493897d
SHA256

449b55d2d6732153a4b0dc9c44b3177eea30148102ece977af6028c80c604b04
SHA512

392176b01142013eb1d2035127145630a2fafd7d757bd844b8b8c4075399170c650be205bfc92cef6212b17a97c8fae3a9351c359e099d59bb3976ee0f209df9
SSDEEP

1536:0ArQhtCqj8HXKk7w1Q5hkwJxsqt/OcR3savVTskg:0ArQhtCp7w1Q5hkwbnzc8W

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3440 wrote to memory of 4520	3440	449b55d2d6732153a4b0dc9c44b3177eea30148102ece977af6028c80c604b04.exe	83
PID 3440 wrote to memory of 4520	3440	449b55d2d6732153a4b0dc9c44b3177eea30148102ece977af6028c80c604b04.exe	83
PID 3440 wrote to memory of 4520	3440	449b55d2d6732153a4b0dc9c44b3177eea30148102ece977af6028c80c604b04.exe	83

C:\Users\Admin\AppData\Local\Temp\449b55d2d6732153a4b0dc9c44b3177eea30148102ece977af6028c80c604b04.exe
"C:\Users\Admin\AppData\Local\Temp\449b55d2d6732153a4b0dc9c44b3177eea30148102ece977af6028c80c604b04.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Users\Admin\AppData\Local\Temp\449b55d2d6732153a4b0dc9c44b3177eea30148102ece977af6028c80c604b04.exe
  C:\Users\Admin\AppData\Local\Temp\449b55d2d6732153a" 48
  2⤵
  PID:4520

memory/4520-132-0x0000000000000000-mapping.dmp

Download
memory/4520-133-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download