b8755faf323d9e4d25d6a595e24f7d813f99f328fa847bfd173309354c446d9d

Analysis

max time kernel
59s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 17:26

Target

b8755faf323d9e4d25d6a595e24f7d813f99f328fa847bfd173309354c446d9d.exe
Size

500KB
MD5

4bd7fdf52d1d246aad8c2ef00b2ba6ed
SHA1

b6cb30da7975923607beb17ffed3b365dc3e5ebe
SHA256

b8755faf323d9e4d25d6a595e24f7d813f99f328fa847bfd173309354c446d9d
SHA512

fc9cf9917ad5567f590fc791ad58b3063e26ef6f59a8766aab28e3c57e443ef504e7aeefa4efa3eca36433d14e3832695204f86b367a3768fa9137adc305bd74
SSDEEP

12288:sgILudWqnAEhb+7CM7qnAEhb+7CMXvrZDEY:YM8xV

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 900	1100	b8755faf323d9e4d25d6a595e24f7d813f99f328fa847bfd173309354c446d9d.exe	28
PID 1100 wrote to memory of 900	1100	b8755faf323d9e4d25d6a595e24f7d813f99f328fa847bfd173309354c446d9d.exe	28
PID 1100 wrote to memory of 900	1100	b8755faf323d9e4d25d6a595e24f7d813f99f328fa847bfd173309354c446d9d.exe	28
PID 1100 wrote to memory of 900	1100	b8755faf323d9e4d25d6a595e24f7d813f99f328fa847bfd173309354c446d9d.exe	28

C:\Users\Admin\AppData\Local\Temp\b8755faf323d9e4d25d6a595e24f7d813f99f328fa847bfd173309354c446d9d.exe
"C:\Users\Admin\AppData\Local\Temp\b8755faf323d9e4d25d6a595e24f7d813f99f328fa847bfd173309354c446d9d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 508
  2⤵
  PID:900

memory/1100-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download
memory/1100-55-0x0000000074CB0000-0x000000007525B000-memory.dmp

Filesize
5.7MB

Download
memory/1100-56-0x0000000074CB0000-0x000000007525B000-memory.dmp

Filesize
5.7MB

Download