6629fd327706ece79f824a2963e1c86b83ba9c51e5e2ed6aed63a203ebba2d32

Analysis

max time kernel
274s
max time network
277s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
10/05/2023, 09:05

Target

0x0003000000000733-166/temp.exe
Size

15KB
MD5

41ccf51b3a24d3e1c6c9af8b0757022f
SHA1

acfc57baadd14e910d0b8da2064ed3252c7a5ae4
SHA256

c91ff88ac8b096bd1a10929dd500eb7bc53622a070cd7fc1b1d541eab2d16630
SHA512

3c873540ff416d7ea4b7c6b7adf225d990c3a0eb968da42f9bca385cce60986561163967ae1587f129ca60762f76b6038dc13846eb9ec28d4ad516302fe2d0e3
SSDEEP

384:6FLOnmzHEiSRVtE464nnnnn1zmijBnnndITSPtp57:6ximzHDku46Omz2

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 1980	1344	temp.exe	27
PID 1344 wrote to memory of 1980	1344	temp.exe	27
PID 1344 wrote to memory of 1980	1344	temp.exe	27
PID 1344 wrote to memory of 1980	1344	temp.exe	27

C:\Users\Admin\AppData\Local\Temp\0x0003000000000733-166\temp.exe
"C:\Users\Admin\AppData\Local\Temp\0x0003000000000733-166\temp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- \??\c:\windows\System32\wermgr.exe
  c:\windows\System32\wermgr.exe
  2⤵
  PID:1980

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
b5fcc55cffd66f38d548e8b63206c5e6

SHA1
79db08ababfa33a4f644fa8fe337195b5aba44c7

SHA256
7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

SHA512
aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

Download Submit
memory/1344-54-0x000000013FC50000-0x000000013FC58000-memory.dmp

Filesize
32KB

Download
memory/1980-97-0x0000000003140000-0x0000000003278000-memory.dmp

Filesize
1.2MB

Download
memory/1980-119-0x0000000002D40000-0x0000000002E41000-memory.dmp

Filesize
1.0MB

Download
memory/1980-141-0x0000000000430000-0x0000000000432000-memory.dmp

Filesize
8KB

Download
memory/1980-142-0x0000000002D40000-0x0000000002E41000-memory.dmp

Filesize
1.0MB

Download