512b2609fa7d398c32465fe0e4092c0f1f337ba4471252c16f645df77212c43e

Analysis

max time kernel
371s
max time network
454s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 18:53

Target

512b2609fa7d398c32465fe0e4092c0f1f337ba4471252c16f645df77212c43e.exe
Size

854KB
MD5

251991e45cfee086aba5e5ae22d31a54
SHA1

bc2cc8b92968e969e80338366874672fd374f030
SHA256

512b2609fa7d398c32465fe0e4092c0f1f337ba4471252c16f645df77212c43e
SHA512

a94055c58586c96b9c66cb3d7cf2e4590e7d06b0e58662fcec64d0dbf0e3a2275c17ca6799400fd67c1ac50e617eefa7418b5026a5321128b6e949426b75ccdc
SSDEEP

24576:jaWiuID1Y2e6EE1iZF+3a9pj6AjDszA4bU:jaB91Y2ehE1i/ga/5UzF

Score

8^/10

Blocklisted process makes network request 6 IoCs

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 4956	3020	512b2609fa7d398c32465fe0e4092c0f1f337ba4471252c16f645df77212c43e.exe	79
PID 3020 wrote to memory of 4956	3020	512b2609fa7d398c32465fe0e4092c0f1f337ba4471252c16f645df77212c43e.exe	79
PID 3020 wrote to memory of 4956	3020	512b2609fa7d398c32465fe0e4092c0f1f337ba4471252c16f645df77212c43e.exe	79
PID 3020 wrote to memory of 4956	3020	512b2609fa7d398c32465fe0e4092c0f1f337ba4471252c16f645df77212c43e.exe	79
PID 3020 wrote to memory of 4956	3020	512b2609fa7d398c32465fe0e4092c0f1f337ba4471252c16f645df77212c43e.exe	79
PID 3020 wrote to memory of 4956	3020	512b2609fa7d398c32465fe0e4092c0f1f337ba4471252c16f645df77212c43e.exe	79
PID 3020 wrote to memory of 4956	3020	512b2609fa7d398c32465fe0e4092c0f1f337ba4471252c16f645df77212c43e.exe	79
PID 3020 wrote to memory of 4956	3020	512b2609fa7d398c32465fe0e4092c0f1f337ba4471252c16f645df77212c43e.exe	79
PID 3020 wrote to memory of 4956	3020	512b2609fa7d398c32465fe0e4092c0f1f337ba4471252c16f645df77212c43e.exe	79
PID 3020 wrote to memory of 4956	3020	512b2609fa7d398c32465fe0e4092c0f1f337ba4471252c16f645df77212c43e.exe	79
PID 3020 wrote to memory of 4956	3020	512b2609fa7d398c32465fe0e4092c0f1f337ba4471252c16f645df77212c43e.exe	79

C:\Users\Admin\AppData\Local\Temp\512b2609fa7d398c32465fe0e4092c0f1f337ba4471252c16f645df77212c43e.exe
"C:\Users\Admin\AppData\Local\Temp\512b2609fa7d398c32465fe0e4092c0f1f337ba4471252c16f645df77212c43e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\SysWOW64\rundll32.exe
  "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
  2⤵
  - Blocklisted process makes network request
  PID:4956

memory/3020-133-0x0000000002178000-0x0000000002219000-memory.dmp

Filesize
644KB

Download
memory/3020-134-0x0000000002240000-0x0000000002335000-memory.dmp

Filesize
980KB

Download
memory/3020-135-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download