f278c04a91ae77887e7a0794684276ad123599ad2e43d88b4b457c4795977a77

Analysis

max time kernel
59s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 11:43

Target

f278c04a91ae77887e7a0794684276ad123599ad2e43d88b4b457c4795977a77.exe
Size

2.3MB
MD5

62f9701bd4e266c2b28b3b993afd4dc5
SHA1

1b2fc8e1a797b327fc1ace2602e8280e146d6303
SHA256

f278c04a91ae77887e7a0794684276ad123599ad2e43d88b4b457c4795977a77
SHA512

f261cb6459255e1865ac7992fa0ad2cd3d7e6779eb726567708cef8265176c474c9a6a2985bce680c8d012342ba7139e2dba24b9d722b3c486f60e8c2c6d52b8
SSDEEP

49152:ylY613bT2IiomhgLYTRk30hszugJ4Iwlp0d5L4ZU:ylO1REZCu4Np0rL4ZU

Score

1^/10

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 1408	1188	f278c04a91ae77887e7a0794684276ad123599ad2e43d88b4b457c4795977a77.exe	28
PID 1188 wrote to memory of 1408	1188	f278c04a91ae77887e7a0794684276ad123599ad2e43d88b4b457c4795977a77.exe	28
PID 1188 wrote to memory of 1408	1188	f278c04a91ae77887e7a0794684276ad123599ad2e43d88b4b457c4795977a77.exe	28
PID 1188 wrote to memory of 1408	1188	f278c04a91ae77887e7a0794684276ad123599ad2e43d88b4b457c4795977a77.exe	28
PID 1188 wrote to memory of 1408	1188	f278c04a91ae77887e7a0794684276ad123599ad2e43d88b4b457c4795977a77.exe	28
PID 1188 wrote to memory of 1408	1188	f278c04a91ae77887e7a0794684276ad123599ad2e43d88b4b457c4795977a77.exe	28
PID 1188 wrote to memory of 1408	1188	f278c04a91ae77887e7a0794684276ad123599ad2e43d88b4b457c4795977a77.exe	28
PID 1408 wrote to memory of 1752	1408	Net.exe	30
PID 1408 wrote to memory of 1752	1408	Net.exe	30
PID 1408 wrote to memory of 1752	1408	Net.exe	30
PID 1408 wrote to memory of 1752	1408	Net.exe	30
PID 1408 wrote to memory of 1752	1408	Net.exe	30
PID 1408 wrote to memory of 1752	1408	Net.exe	30
PID 1408 wrote to memory of 1752	1408	Net.exe	30

C:\Users\Admin\AppData\Local\Temp\f278c04a91ae77887e7a0794684276ad123599ad2e43d88b4b457c4795977a77.exe
"C:\Users\Admin\AppData\Local\Temp\f278c04a91ae77887e7a0794684276ad123599ad2e43d88b4b457c4795977a77.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Windows\SysWOW64\Net.exe
  Net Stop PcaSvc
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1408
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 Stop PcaSvc
    3⤵
    PID:1752

memory/1188-54-0x0000000075BE1000-0x0000000075BE3000-memory.dmp

Filesize
8KB

Download