80759cbf195775f473fb457ee4c4870256c87dc089d75ca10b36eba13e2ffd64

Analysis

max time kernel
279s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 09:28

Target

80759cbf195775f473fb457ee4c4870256c87dc089d75ca10b36eba13e2ffd64.exe
Size

113KB
MD5

2178ecc83f1d1f1e3a5f8c8e114a0540
SHA1

8992b9f0eea0b3410bae2ab87699f6c6296ea5d7
SHA256

80759cbf195775f473fb457ee4c4870256c87dc089d75ca10b36eba13e2ffd64
SHA512

e88ea956c21f5fca5fdb6a17db450c2ea9e44dff7fb6f0e565ba69f50e08322786039808a56f471c42f711c4ef40486ea034319eb5f4e10db92da5321ad35aa2
SSDEEP

1536:pwz4Fm29gVAKpl0JXEgLm0P1nlSkicdhQjLxob8MM1LfAEHJr7bKTJsePIhk5YL:kJlZriEgztJQjLxooRLvr72TQk5YL

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5020	80759cbf195775f473fb457ee4c4870256c87dc089d75ca10b36eba13e2ffd64.exe
5020	80759cbf195775f473fb457ee4c4870256c87dc089d75ca10b36eba13e2ffd64.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 2620	5020	80759cbf195775f473fb457ee4c4870256c87dc089d75ca10b36eba13e2ffd64.exe	59
PID 5020 wrote to memory of 2620	5020	80759cbf195775f473fb457ee4c4870256c87dc089d75ca10b36eba13e2ffd64.exe	59
PID 5020 wrote to memory of 2620	5020	80759cbf195775f473fb457ee4c4870256c87dc089d75ca10b36eba13e2ffd64.exe	59
PID 5020 wrote to memory of 2620	5020	80759cbf195775f473fb457ee4c4870256c87dc089d75ca10b36eba13e2ffd64.exe	59
PID 5020 wrote to memory of 2620	5020	80759cbf195775f473fb457ee4c4870256c87dc089d75ca10b36eba13e2ffd64.exe	59

memory/5020-132-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5020-133-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download