c07379fcbc9702f298fed2c16c9cb7e76813b920ececbfa179fc526a762bf5b7

Analysis

max time kernel
152s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 17:38

Target

c07379fcbc9702f298fed2c16c9cb7e76813b920ececbfa179fc526a762bf5b7.exe
Size

1.3MB
MD5

c49c3b24d1b644ef363a031a4d094939
SHA1

93ca96e229abf1be6a6b3595bbdc43fad8e2e7cd
SHA256

c07379fcbc9702f298fed2c16c9cb7e76813b920ececbfa179fc526a762bf5b7
SHA512

d9c0a5569806b78427e82765e5adae59fa7542dcdf1ce0322639b68b38875186777bddf60be1144020aba91c283c712d874de3ca0a1774a7ae966f2f5d01e249
SSDEEP

24576:oysPE6wl3AeMbd94s5tWlrHH0xcChT49YhK4y+Tn9:oSlwemB/nGYhKb+T9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3504 wrote to memory of 2640	3504	c07379fcbc9702f298fed2c16c9cb7e76813b920ececbfa179fc526a762bf5b7.exe	85
PID 3504 wrote to memory of 2640	3504	c07379fcbc9702f298fed2c16c9cb7e76813b920ececbfa179fc526a762bf5b7.exe	85
PID 3504 wrote to memory of 2640	3504	c07379fcbc9702f298fed2c16c9cb7e76813b920ececbfa179fc526a762bf5b7.exe	85

C:\Users\Admin\AppData\Local\Temp\c07379fcbc9702f298fed2c16c9cb7e76813b920ececbfa179fc526a762bf5b7.exe
"C:\Users\Admin\AppData\Local\Temp\c07379fcbc9702f298fed2c16c9cb7e76813b920ececbfa179fc526a762bf5b7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\SDelinves_1.bat
  2⤵
  PID:2640

C:\Users\Admin\AppData\Local\Temp\SDelinves_1.bat

Filesize
276B

MD5
3a47177524e8756071dd68fd437bd84d

SHA1
8da7dde7536f4ab6ddf449b453c33aa005b39cdd

SHA256
dd4ecfdb5fd54f4c77e3c162492e45429253f4fd563849f54f37eb34032ac22c

SHA512
bd9c692a648b4683937411d78faa73ede3242f459cecc22f2d276023b93189c088643adcb10f56e655df12fa9320ab1cbde07ce44fb23f2c29eb240331db0857

Download Submit
memory/2640-132-0x0000000000000000-mapping.dmp

Download