b6c98f8ae72ca10d073d4e8590b28e31b2acfb70528c610acaa3577a28c984c7

Analysis

max time kernel
37s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 06:47

Target

b6c98f8ae72ca10d073d4e8590b28e31b2acfb70528c610acaa3577a28c984c7.exe
Size

42KB
MD5

460b23194b4636745a2dcdc17a652910
SHA1

897894653277163b40a78d0b194bb2136ce486f9
SHA256

b6c98f8ae72ca10d073d4e8590b28e31b2acfb70528c610acaa3577a28c984c7
SHA512

2c5cef53c6cd9e6839ef0e2790dcd66a32721c6c658dc5e60f0b467529316bc0abc3326fd781b6ae4a5b917254864af27519abf393b7ce53d194c74b2a4390f5
SSDEEP

768:oMGRP5Tt5UA2/YWmECGevAevx8ti7+5AiwqJ2Np0M1T9H:QRP5Tt5JdmtiK5AicNaU

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 896	1992	b6c98f8ae72ca10d073d4e8590b28e31b2acfb70528c610acaa3577a28c984c7.exe	26
PID 1992 wrote to memory of 896	1992	b6c98f8ae72ca10d073d4e8590b28e31b2acfb70528c610acaa3577a28c984c7.exe	26
PID 1992 wrote to memory of 896	1992	b6c98f8ae72ca10d073d4e8590b28e31b2acfb70528c610acaa3577a28c984c7.exe	26
PID 1992 wrote to memory of 896	1992	b6c98f8ae72ca10d073d4e8590b28e31b2acfb70528c610acaa3577a28c984c7.exe	26

C:\Users\Admin\AppData\Local\Temp\b6c98f8ae72ca10d073d4e8590b28e31b2acfb70528c610acaa3577a28c984c7.exe
"C:\Users\Admin\AppData\Local\Temp\b6c98f8ae72ca10d073d4e8590b28e31b2acfb70528c610acaa3577a28c984c7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 424
  2⤵
  PID:896

memory/1992-54-0x0000000076141000-0x0000000076143000-memory.dmp

Filesize
8KB

Download
memory/1992-55-0x0000000074840000-0x0000000074DEB000-memory.dmp

Filesize
5.7MB

Download
memory/1992-58-0x0000000074840000-0x0000000074DEB000-memory.dmp

Filesize
5.7MB

Download