0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac

Analysis

max time kernel
146s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 06:45

Target

0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac.exe
Size

55KB
MD5

4a91c00c155810cf39fcdb073427c87d
SHA1

97457f5bbd363bb7197a932a32e84e3533182f4e
SHA256

0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac
SHA512

acc6d911a2607ebb1a8428d16e8038810fa15f6ec535c3858c4e916460919d60bf62cc54211cab42fd484be6fa1079a55b60bb87db75d3b26e2ad808aec40c3a
SSDEEP

1536:XMbCmCqR8B+dy5TY7LbH7Pta8Jct5PavVTskg:XXmCLoy5TYr7PtqP8W

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 4956	4676	0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac.exe	82
PID 4676 wrote to memory of 4956	4676	0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac.exe	82
PID 4676 wrote to memory of 4956	4676	0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac.exe	82

C:\Users\Admin\AppData\Local\Temp\0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac.exe
"C:\Users\Admin\AppData\Local\Temp\0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4676
- C:\Users\Admin\AppData\Local\Temp\0bb38b26d95dff1488cf9894cbc25b44b8d9b6793396ced70cb79f181b0046ac.exe
  C:\Users\Admin\AppData\Local\Temp\0bb38b26d95dff148" 48
  2⤵
  PID:4956

memory/4956-133-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download