2ff4d95f936b5ba2fe2d83e588f719f66d66cf973e80e54c7d533e8af46449ef

Analysis

max time kernel
37s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 22:26

Target

2ff4d95f936b5ba2fe2d83e588f719f66d66cf973e80e54c7d533e8af46449ef.exe
Size

5.6MB
MD5

f167dd25e43e77415e1715fcb2ebea9a
SHA1

ee8d41cd19b849f97c7cd4c8d311c5375e2fdf46
SHA256

2ff4d95f936b5ba2fe2d83e588f719f66d66cf973e80e54c7d533e8af46449ef
SHA512

44f7846def962a480407a8e544bea011f9cb451f3bf3c5bc67f24cf72918a4c5949fe4c89c27101436ccf8a1214c9ed2d3700dc5aec8a8b2fa6215e6c96cf334
SSDEEP

98304:4jKviD8SeuiQKcj/HSiKPujKOO+oM4IHt5eS9WRbQEw1gM43xH5Gk2Gi73MCN+r:fDbuf9xBvAyEeN4lUkRobN+r

Score

1^/10

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1052	2036	2ff4d95f936b5ba2fe2d83e588f719f66d66cf973e80e54c7d533e8af46449ef.exe	26
PID 2036 wrote to memory of 1052	2036	2ff4d95f936b5ba2fe2d83e588f719f66d66cf973e80e54c7d533e8af46449ef.exe	26
PID 2036 wrote to memory of 1052	2036	2ff4d95f936b5ba2fe2d83e588f719f66d66cf973e80e54c7d533e8af46449ef.exe	26
PID 2036 wrote to memory of 1052	2036	2ff4d95f936b5ba2fe2d83e588f719f66d66cf973e80e54c7d533e8af46449ef.exe	26
PID 2036 wrote to memory of 1052	2036	2ff4d95f936b5ba2fe2d83e588f719f66d66cf973e80e54c7d533e8af46449ef.exe	26
PID 2036 wrote to memory of 1052	2036	2ff4d95f936b5ba2fe2d83e588f719f66d66cf973e80e54c7d533e8af46449ef.exe	26
PID 2036 wrote to memory of 1052	2036	2ff4d95f936b5ba2fe2d83e588f719f66d66cf973e80e54c7d533e8af46449ef.exe	26
PID 1052 wrote to memory of 1156	1052	Net.exe	28
PID 1052 wrote to memory of 1156	1052	Net.exe	28
PID 1052 wrote to memory of 1156	1052	Net.exe	28
PID 1052 wrote to memory of 1156	1052	Net.exe	28
PID 1052 wrote to memory of 1156	1052	Net.exe	28
PID 1052 wrote to memory of 1156	1052	Net.exe	28
PID 1052 wrote to memory of 1156	1052	Net.exe	28

C:\Users\Admin\AppData\Local\Temp\2ff4d95f936b5ba2fe2d83e588f719f66d66cf973e80e54c7d533e8af46449ef.exe
"C:\Users\Admin\AppData\Local\Temp\2ff4d95f936b5ba2fe2d83e588f719f66d66cf973e80e54c7d533e8af46449ef.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\Net.exe
  Net Stop PcaSvc
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1052
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 Stop PcaSvc
    3⤵
    PID:1156

memory/2036-54-0x0000000076151000-0x0000000076153000-memory.dmp

Filesize
8KB

Download