e3808d81a6b564e13a86962b0fa30efbbd3ed3a18911b480f7adce07b4b49ed8

Analysis

max time kernel
145s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 17:05

Target

e3808d81a6b564e13a86962b0fa30efbbd3ed3a18911b480f7adce07b4b49ed8.exe
Size

9KB
MD5

edf76b71f2be26cd7fee5853761b6eac
SHA1

0c0d0fe4d5f744360c27a89ce3ce1e4cb88c9443
SHA256

e3808d81a6b564e13a86962b0fa30efbbd3ed3a18911b480f7adce07b4b49ed8
SHA512

94e7e23a72c0c5fe19f3098743cc75ffbcdffd5b4de8ac37ebffa125db0ec52098879a52ba69081cfa310900454e62302bc06d0b76a1a220136f609588132b12
SSDEEP

96:PoLHnIxLxTBRl14Z6a51hGqcE28YlnlYJomLLqL0KfflwVEBfQj1TRXmmVUZyixG:wLsLFreLaVlnlYJ32LTqVySKo4

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1636	dw20.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 564 wrote to memory of 1636	564	e3808d81a6b564e13a86962b0fa30efbbd3ed3a18911b480f7adce07b4b49ed8.exe	28
PID 564 wrote to memory of 1636	564	e3808d81a6b564e13a86962b0fa30efbbd3ed3a18911b480f7adce07b4b49ed8.exe	28
PID 564 wrote to memory of 1636	564	e3808d81a6b564e13a86962b0fa30efbbd3ed3a18911b480f7adce07b4b49ed8.exe	28
PID 564 wrote to memory of 1636	564	e3808d81a6b564e13a86962b0fa30efbbd3ed3a18911b480f7adce07b4b49ed8.exe	28

C:\Users\Admin\AppData\Local\Temp\e3808d81a6b564e13a86962b0fa30efbbd3ed3a18911b480f7adce07b4b49ed8.exe
"C:\Users\Admin\AppData\Local\Temp\e3808d81a6b564e13a86962b0fa30efbbd3ed3a18911b480f7adce07b4b49ed8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:564
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 424
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1636

memory/564-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download
memory/564-57-0x0000000074300000-0x00000000748AB000-memory.dmp

Filesize
5.7MB

Download
memory/564-58-0x0000000074300000-0x00000000748AB000-memory.dmp

Filesize
5.7MB

Download