b4b7957fff47394114ab83aafaa608f078c6fbe87beba2214383074239c66e8f

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 14:51

Target

b4b7957fff47394114ab83aafaa608f078c6fbe87beba2214383074239c66e8f.exe
Size

6.9MB
MD5

ad778c3d40b72bea6039309488aaf290
SHA1

5b9e7420fa5b99426995387641bf3fc8951621ee
SHA256

b4b7957fff47394114ab83aafaa608f078c6fbe87beba2214383074239c66e8f
SHA512

a95b16c811ed4d266db804ffcf231431e3b7af4e26072dbfba31bfb7505b1efcdddf5d05f2d4cfd373601ec96e8bf725d1e0d00f2b5277a999da67b53a0531da
SSDEEP

196608:swfZk0n0okYIJOOmbewNRqT20b+j4WbYRu707i1zw3:swfG40cKl6esqTFObwGNw3

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 968	1104	b4b7957fff47394114ab83aafaa608f078c6fbe87beba2214383074239c66e8f.exe	27
PID 1104 wrote to memory of 968	1104	b4b7957fff47394114ab83aafaa608f078c6fbe87beba2214383074239c66e8f.exe	27
PID 1104 wrote to memory of 968	1104	b4b7957fff47394114ab83aafaa608f078c6fbe87beba2214383074239c66e8f.exe	27
PID 1104 wrote to memory of 968	1104	b4b7957fff47394114ab83aafaa608f078c6fbe87beba2214383074239c66e8f.exe	27

C:\Users\Admin\AppData\Local\Temp\b4b7957fff47394114ab83aafaa608f078c6fbe87beba2214383074239c66e8f.exe
"C:\Users\Admin\AppData\Local\Temp\b4b7957fff47394114ab83aafaa608f078c6fbe87beba2214383074239c66e8f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 424
  2⤵
  PID:968

memory/1104-54-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

Filesize
8KB

Download
memory/1104-57-0x0000000074760000-0x0000000074D0B000-memory.dmp

Filesize
5.7MB

Download
memory/1104-58-0x0000000074760000-0x0000000074D0B000-memory.dmp

Filesize
5.7MB

Download