e08fe3a548d908ff94ce5b5934aa6beeef9165dae8b4fc60de41b34dc2dd59a2

Resubmissions

06/01/2023, 05:18

06/01/2023, 04:11

max time kernel
23s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/01/2023, 04:11

Target

test.scr
Size

734.9MB
MD5

e47fa5b703764885b6bea8aded50675b
SHA1

8ca16594f5f3a4b58f4150b8811a8ce0dfdfab82
SHA256

303eb6c7e0c940679ac030c41c359d1b3ece51e4ee09d465001eddef435a2f11
SHA512

12a652dc7d831a059eea3271509ea2d5d705a33d0a9d45d725586835f85551db0b167af1e3d3d6e1734f46494a07701748e1b624232ecb131d107fe7d0dbb71a
SSDEEP

49152:7obxvbkfN8ObOQzhSSsOfADj58uFxDEF4B6iiw/n:8dvgN8yaDquFxDbSC

Score

1^/10

Suspicious behavior: EnumeratesProcesses 21 IoCs

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 2028	1108	test.scr	28
PID 1108 wrote to memory of 2028	1108	test.scr	28
PID 1108 wrote to memory of 2028	1108	test.scr	28
PID 1108 wrote to memory of 2028	1108	test.scr	28
PID 1108 wrote to memory of 2028	1108	test.scr	28
PID 1108 wrote to memory of 2028	1108	test.scr	28
PID 1108 wrote to memory of 2028	1108	test.scr	28
PID 1108 wrote to memory of 2028	1108	test.scr	28
PID 1108 wrote to memory of 2028	1108	test.scr	28
PID 1108 wrote to memory of 2028	1108	test.scr	28
PID 1108 wrote to memory of 2028	1108	test.scr	28
PID 1108 wrote to memory of 2028	1108	test.scr	28
PID 1108 wrote to memory of 2028	1108	test.scr	28
PID 1108 wrote to memory of 2028	1108	test.scr	28
PID 1108 wrote to memory of 2028	1108	test.scr	28

C:\Users\Admin\AppData\Local\Temp\test.scr
"C:\Users\Admin\AppData\Local\Temp\test.scr" /S
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe
  "C:\Users\Admin\AppData\Local\Temp\test.scr" /S
  2⤵
  PID:2028

memory/1108-54-0x00000000767F1000-0x00000000767F3000-memory.dmp

Filesize
8KB

Download
memory/1108-55-0x0000000030C20000-0x0000000030C9B000-memory.dmp

Filesize
492KB

Download
memory/1108-58-0x0000000030C20000-0x0000000030C9B000-memory.dmp

Filesize
492KB

Download
memory/1108-59-0x0000000030CA0000-0x0000000030E20000-memory.dmp

Filesize
1.5MB

Download
memory/2028-57-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download