6c85b7d283e61adeb841aaa3ddb0b5c8ad1ca6650df408ed03f0a874cf221971

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
26-10-2023 10:05

Target

Payment Advice.PDF.exe
Size

329KB
MD5

9e6b1fdb47d280b886a9c66c4363a60c
SHA1

3cb3539f61feaf0e1bf13f92d4a05d902d41da9b
SHA256

6c85b7d283e61adeb841aaa3ddb0b5c8ad1ca6650df408ed03f0a874cf221971
SHA512

a4f7a5477fc3a5fe69444e6a1a1a4d78ffc4677837fa4f2d9c2efea7400171f7de695c61f3afdf6c95c31bed28713924e48dcf535dfc3bc3a4b60690d28367e5
SSDEEP

6144:/CKYBMNit2boZ2L/icl4iPJvGy+FsPe35bgaGPEQD:/fY6BboZ+/icCcGvL35bgaGf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

Payment Advice.PDF.exe

description	pid	process	target process
PID 1544 wrote to memory of 2640	1544	Payment Advice.PDF.exe	RegAsm.exe
PID 1544 wrote to memory of 2640	1544	Payment Advice.PDF.exe	RegAsm.exe
PID 1544 wrote to memory of 2640	1544	Payment Advice.PDF.exe	RegAsm.exe
PID 1544 wrote to memory of 2640	1544	Payment Advice.PDF.exe	RegAsm.exe
PID 1544 wrote to memory of 2640	1544	Payment Advice.PDF.exe	RegAsm.exe
PID 1544 wrote to memory of 2640	1544	Payment Advice.PDF.exe	RegAsm.exe
PID 1544 wrote to memory of 2640	1544	Payment Advice.PDF.exe	RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\ Payment Advice.PDF.exe
"C:\Users\Admin\AppData\Local\Temp\ Payment Advice.PDF.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1544

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
2⤵
PID:2640

memory/1544-0-0x0000000000B40000-0x0000000000B98000-memory.dmp

Filesize
352KB

Download
memory/1544-1-0x00000000746C0000-0x0000000074DAE000-memory.dmp

Filesize
6.9MB

Download
memory/1544-2-0x0000000000410000-0x0000000000464000-memory.dmp

Filesize
336KB

Download
memory/1544-3-0x00000000746C0000-0x0000000074DAE000-memory.dmp

Filesize
6.9MB

Download
memory/1544-4-0x0000000004A90000-0x0000000004AD0000-memory.dmp

Filesize
256KB

Download
memory/1544-5-0x00000000004D0000-0x00000000004DA000-memory.dmp

Filesize
40KB

Download
memory/1544-6-0x00000000746C0000-0x0000000074DAE000-memory.dmp

Filesize
6.9MB

Download