78a28b25b330513649439305a5d9293cb07fb796ad6521ef31f39a5453a549d8

Resubmissions

07-09-2023 14:45

07-09-2023 14:12

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
07-09-2023 14:45

Target

4e180437ef807b6ded234ad54f506d0cff518c980a055013871529b5905a46a9.exe
Size

71KB
MD5

7d09bbc0aee91d29b3e62aa7889d75ac
SHA1

dcc48feec76915615fca1db6e2e726543fba9566
SHA256

4e180437ef807b6ded234ad54f506d0cff518c980a055013871529b5905a46a9
SHA512

3f476f40f9a17919946df05bca46d0169531fd32982cc7c62ec685aef680c2fe064361da928fb174274c88f25b64db75f9c996e271e5b3a0836aa4101649a275
SSDEEP

192:YKA9x8uHsLXl0Hjo7WLom8YHwOrDU0U4cbHaF55n3nN7a:YKA9WuwXl0YZm8eDr40/cuF73Za

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2588	dw20.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 2588	2828	4e180437ef807b6ded234ad54f506d0cff518c980a055013871529b5905a46a9.exe	28
PID 2828 wrote to memory of 2588	2828	4e180437ef807b6ded234ad54f506d0cff518c980a055013871529b5905a46a9.exe	28
PID 2828 wrote to memory of 2588	2828	4e180437ef807b6ded234ad54f506d0cff518c980a055013871529b5905a46a9.exe	28

C:\Users\Admin\AppData\Local\Temp\4e180437ef807b6ded234ad54f506d0cff518c980a055013871529b5905a46a9.exe
"C:\Users\Admin\AppData\Local\Temp\4e180437ef807b6ded234ad54f506d0cff518c980a055013871529b5905a46a9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 820
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2588

memory/2588-4-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/2588-7-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/2828-0-0x0000000000CD0000-0x0000000000CE8000-memory.dmp

Filesize
96KB

Download
memory/2828-1-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp

Filesize
9.6MB

Download
memory/2828-2-0x00000000002F0000-0x0000000000370000-memory.dmp

Filesize
512KB

Download
memory/2828-3-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp

Filesize
9.6MB

Download
memory/2828-5-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp

Filesize
9.6MB

Download
memory/2828-6-0x00000000002F0000-0x0000000000370000-memory.dmp

Filesize
512KB

Download