1bc2c2a694bb62a4e6e8a4ec810b226282f1f831711cca48a0f8e00c4ea4742f

Analysis

max time kernel
154s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 06:25

Target

1bc2c2a694bb62a4e6e8a4ec810b226282f1f831711cca48a0f8e00c4ea4742f.exe
Size

61KB
MD5

12073c26bf38afba6aaf109a898f74b3
SHA1

4d4f915223acf60e70a46420939fb566f2317732
SHA256

1bc2c2a694bb62a4e6e8a4ec810b226282f1f831711cca48a0f8e00c4ea4742f
SHA512

fbb1f59e629ec0936c3728375cebed87b5433fd2c2c105042d509e58caf7cfbd48f6cbf8e2e1a30e0771e4e700e93f6e69ed447eac32749d6f552433aa76c0de
SSDEEP

1536:/z46C638Y+NYjPczO1Vkkr3vLcvVTskg:TCbYj4WkkTjSW

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 4280	2256	1bc2c2a694bb62a4e6e8a4ec810b226282f1f831711cca48a0f8e00c4ea4742f.exe	79
PID 2256 wrote to memory of 4280	2256	1bc2c2a694bb62a4e6e8a4ec810b226282f1f831711cca48a0f8e00c4ea4742f.exe	79
PID 2256 wrote to memory of 4280	2256	1bc2c2a694bb62a4e6e8a4ec810b226282f1f831711cca48a0f8e00c4ea4742f.exe	79

C:\Users\Admin\AppData\Local\Temp\1bc2c2a694bb62a4e6e8a4ec810b226282f1f831711cca48a0f8e00c4ea4742f.exe
"C:\Users\Admin\AppData\Local\Temp\1bc2c2a694bb62a4e6e8a4ec810b226282f1f831711cca48a0f8e00c4ea4742f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Users\Admin\AppData\Local\Temp\1bc2c2a694bb62a4e6e8a4ec810b226282f1f831711cca48a0f8e00c4ea4742f.exe
  C:\Users\Admin\AppData\Local\Temp\1bc2c2a694bb62a4e" 48
  2⤵
  PID:4280

memory/4280-133-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download