2cda396b9836409ac7fe05b2cc31f1d904a16600400026c993fbb30c89db65cb

Analysis

max time kernel
24s
max time network
63s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 06:02

Target

2cda396b9836409ac7fe05b2cc31f1d904a16600400026c993fbb30c89db65cb.exe
Size

56KB
MD5

6848b14e11dc80509fd0eb4d55c89d8d
SHA1

5ad6d77665a089c22e847ad4f1acec95529419b4
SHA256

2cda396b9836409ac7fe05b2cc31f1d904a16600400026c993fbb30c89db65cb
SHA512

0e09755920af161ece2e233fe2be345784c7f95660300609e78f54d8be5052b962be8731d32c28b732157d2b999860739b14f9a3cd6a4140bdf70e219d2a89a1
SSDEEP

1536:R2700CqD8FP0Sd6BLnSm95WUjcCW2kCavVTskg:RK00Ct8c6cgrWS8W

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 1068	1220	2cda396b9836409ac7fe05b2cc31f1d904a16600400026c993fbb30c89db65cb.exe	28
PID 1220 wrote to memory of 1068	1220	2cda396b9836409ac7fe05b2cc31f1d904a16600400026c993fbb30c89db65cb.exe	28
PID 1220 wrote to memory of 1068	1220	2cda396b9836409ac7fe05b2cc31f1d904a16600400026c993fbb30c89db65cb.exe	28
PID 1220 wrote to memory of 1068	1220	2cda396b9836409ac7fe05b2cc31f1d904a16600400026c993fbb30c89db65cb.exe	28

C:\Users\Admin\AppData\Local\Temp\2cda396b9836409ac7fe05b2cc31f1d904a16600400026c993fbb30c89db65cb.exe
"C:\Users\Admin\AppData\Local\Temp\2cda396b9836409ac7fe05b2cc31f1d904a16600400026c993fbb30c89db65cb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Users\Admin\AppData\Local\Temp\2cda396b9836409ac7fe05b2cc31f1d904a16600400026c993fbb30c89db65cb.exe
  C:\Users\Admin\AppData\Local\Temp\2cda396b9836409ac" 48
  2⤵
  PID:1068

memory/1068-55-0x0000000000000000-mapping.dmp

Download
memory/1068-57-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/1220-54-0x00000000767F1000-0x00000000767F3000-memory.dmp

Filesize
8KB

Download