0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 06:45

Target

0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac.exe
Size

55KB
MD5

4a91c00c155810cf39fcdb073427c87d
SHA1

97457f5bbd363bb7197a932a32e84e3533182f4e
SHA256

0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac
SHA512

acc6d911a2607ebb1a8428d16e8038810fa15f6ec535c3858c4e916460919d60bf62cc54211cab42fd484be6fa1079a55b60bb87db75d3b26e2ad808aec40c3a
SSDEEP

1536:XMbCmCqR8B+dy5TY7LbH7Pta8Jct5PavVTskg:XXmCLoy5TYr7PtqP8W

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 1028	1528	0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac.exe	27
PID 1528 wrote to memory of 1028	1528	0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac.exe	27
PID 1528 wrote to memory of 1028	1528	0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac.exe	27
PID 1528 wrote to memory of 1028	1528	0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac.exe	27

C:\Users\Admin\AppData\Local\Temp\0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac.exe
"C:\Users\Admin\AppData\Local\Temp\0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Users\Admin\AppData\Local\Temp\0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac.exe
  C:\Users\Admin\AppData\Local\Temp\0bb38b26d95dff148" 48
  2⤵
  PID:1028

memory/1028-57-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/1528-54-0x0000000075021000-0x0000000075023000-memory.dmp

Filesize
8KB

Download