b7e59768071d2e1fa278737c39770d2c712cc4c7c9a631c42ae06b7acd4f679a

Analysis

max time kernel
189s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
08/10/2023, 00:49

Target

BlastProcessing.mp3
Size

1.5MB
MD5

0f18c41b77b7dde56142216c1a7380b9
SHA1

f9c9f1ce75cd46b57f67695b155910855c9bdee4
SHA256

ee20a9c12bcb12f5068c4e360706f6c7835424da12481ce85af392d46e501501
SHA512

a1e832363fe6c4bc56f67e10f05d9de745a2bfdfe259db88fcb883d73afe25e3a64242df403aa4b2990a0eff0baa36d2829d5f73a5353acd6b963262769f84ae
SSDEEP

24576:0ILyJUxiOrzxftW9ooe0fk6L3NgDL2gRQGxLD3tyFz8oCljgiSlPrZR:0nJUQOrZa+iNpglxLLkFXJPlv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3848 wrote to memory of 2744	3848	wmplayer.exe	99
PID 3848 wrote to memory of 2744	3848	wmplayer.exe	99
PID 3848 wrote to memory of 2744	3848	wmplayer.exe	99

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\BlastProcessing.mp3"
1⤵
- Suspicious use of WriteProcessMemory
PID:3848
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\BlastProcessing.mp3"
  2⤵
  PID:2744
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  PID:3288