3cddcc1f8d856ef94340d73288dfcf4deb5fb62db5cc5db18d93a6de0976ce7e

Analysis

max time kernel
46s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 05:00

Target

3cddcc1f8d856ef94340d73288dfcf4deb5fb62db5cc5db18d93a6de0976ce7e.exe
Size

112KB
MD5

67597f179b1a2ddae49cbc7a073c2e50
SHA1

7ff3d4d8c662df4bd384df8ebafa0d10615c5575
SHA256

3cddcc1f8d856ef94340d73288dfcf4deb5fb62db5cc5db18d93a6de0976ce7e
SHA512

e47c382c5a41878d654a85740b5bcc214291a39141607f1406fc78d26d400a0383ea622e79aab3e9fa5d2d99f6c03f1716fd5010fd6cb03fab1a98948e4c9392
SSDEEP

1536:qCa4aUmf3O0Oy+ByW61VPlmzZ1UfAoOFQh0QePFPro4QwbjCHrSDlr:3adfePyWaTmzZkA3mDYgwHKrSDl

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1444 wrote to memory of 1088	1444	3cddcc1f8d856ef94340d73288dfcf4deb5fb62db5cc5db18d93a6de0976ce7e.exe	27
PID 1444 wrote to memory of 1088	1444	3cddcc1f8d856ef94340d73288dfcf4deb5fb62db5cc5db18d93a6de0976ce7e.exe	27
PID 1444 wrote to memory of 1088	1444	3cddcc1f8d856ef94340d73288dfcf4deb5fb62db5cc5db18d93a6de0976ce7e.exe	27
PID 1444 wrote to memory of 1088	1444	3cddcc1f8d856ef94340d73288dfcf4deb5fb62db5cc5db18d93a6de0976ce7e.exe	27

C:\Users\Admin\AppData\Local\Temp\3cddcc1f8d856ef94340d73288dfcf4deb5fb62db5cc5db18d93a6de0976ce7e.exe
"C:\Users\Admin\AppData\Local\Temp\3cddcc1f8d856ef94340d73288dfcf4deb5fb62db5cc5db18d93a6de0976ce7e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 480
  2⤵
  PID:1088

memory/1444-54-0x0000000075D71000-0x0000000075D73000-memory.dmp

Filesize
8KB

Download
memory/1444-57-0x0000000074850000-0x0000000074DFB000-memory.dmp

Filesize
5.7MB

Download
memory/1444-58-0x0000000074850000-0x0000000074DFB000-memory.dmp

Filesize
5.7MB

Download