c2b1bb5bcf7bfde62d211a153c3b0e25bbdbd66f3b0c5b4de65c868b3d7db36e

Analysis

max time kernel
165s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 05:42

Target

c2b1bb5bcf7bfde62d211a153c3b0e25bbdbd66f3b0c5b4de65c868b3d7db36e.exe
Size

61KB
MD5

41132b2e72aeb0fb8fd8c09fedbad72b
SHA1

2dbb69290d8d028865cf349a72e2f28a56eff4f2
SHA256

c2b1bb5bcf7bfde62d211a153c3b0e25bbdbd66f3b0c5b4de65c868b3d7db36e
SHA512

1019129ad071454ae18fd75afa60d06c69b3298a066c8cb28c994a9c2acc6dc8b439719bf4212c260a61f3a24e4965c2648d987b26031e57b206721a8722ad62
SSDEEP

1536:L1hZ9Rk3C6m8Fml3W8YMmjFRsnYmmBdN:xWCK2GRjHsYm6D

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3856 wrote to memory of 1232	3856	c2b1bb5bcf7bfde62d211a153c3b0e25bbdbd66f3b0c5b4de65c868b3d7db36e.exe	84
PID 3856 wrote to memory of 1232	3856	c2b1bb5bcf7bfde62d211a153c3b0e25bbdbd66f3b0c5b4de65c868b3d7db36e.exe	84
PID 3856 wrote to memory of 1232	3856	c2b1bb5bcf7bfde62d211a153c3b0e25bbdbd66f3b0c5b4de65c868b3d7db36e.exe	84

C:\Users\Admin\AppData\Local\Temp\c2b1bb5bcf7bfde62d211a153c3b0e25bbdbd66f3b0c5b4de65c868b3d7db36e.exe
"C:\Users\Admin\AppData\Local\Temp\c2b1bb5bcf7bfde62d211a153c3b0e25bbdbd66f3b0c5b4de65c868b3d7db36e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3856
- C:\Users\Admin\AppData\Local\Temp\c2b1bb5bcf7bfde62d211a153c3b0e25bbdbd66f3b0c5b4de65c868b3d7db36e.exe
  C:\Users\Admin\AppData\Local\Temp\c2b1bb5bcf7bfde62" 48
  2⤵
  PID:1232

memory/1232-133-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download