8c366bddcc19d07924b953259274f43f30c9a70f726c70420f8a01e07a209734

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
03-11-2023 16:18

Target

תשלום בסוויפט 110468 3.11.2023.scr.exe
Size

1.1MB
MD5

cf89a03d499a9da3518a943bdaaf3f9a
SHA1

f6e1db56f0a6a88a787920a56acbb2406b5fca2b
SHA256

8c366bddcc19d07924b953259274f43f30c9a70f726c70420f8a01e07a209734
SHA512

4c61ab6c7014a868a7f1568074c018e469a2a4af6428a7e40cb4370d07b7c083a4b710d0c5b2c6c7c8ac5224e8301705643b599c3159f521dd97540df61f84f4
SSDEEP

24576:UfjHsVx69As4hkB/YAuseX7KvO1YAuJMi+sPV3GykDfMNVzCOgKIQtKoColK5dwL:CjHZ9AsQpAuserKvpAuJMi+sPV3GykDM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

תשלום בסוויפט 110468 3.11.2023.scr.exe

description	pid	process	target process
PID 1212 wrote to memory of 2464	1212	תשלום בסוויפט 110468 3.11.2023.scr.exe	RegAsm.exe
PID 1212 wrote to memory of 2464	1212	תשלום בסוויפט 110468 3.11.2023.scr.exe	RegAsm.exe
PID 1212 wrote to memory of 2464	1212	תשלום בסוויפט 110468 3.11.2023.scr.exe	RegAsm.exe
PID 1212 wrote to memory of 2464	1212	תשלום בסוויפט 110468 3.11.2023.scr.exe	RegAsm.exe
PID 1212 wrote to memory of 2464	1212	תשלום בסוויפט 110468 3.11.2023.scr.exe	RegAsm.exe
PID 1212 wrote to memory of 2464	1212	תשלום בסוויפט 110468 3.11.2023.scr.exe	RegAsm.exe
PID 1212 wrote to memory of 2464	1212	תשלום בסוויפט 110468 3.11.2023.scr.exe	RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\תשלום בסוויפט 110468 3.11.2023.scr.exe
"C:\Users\Admin\AppData\Local\Temp\תשלום בסוויפט 110468 3.11.2023.scr.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1212

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
2⤵
PID:2464

memory/1212-0-0x0000000000A80000-0x0000000000B94000-memory.dmp

Filesize
1.1MB

Download
memory/1212-1-0x0000000074C30000-0x000000007531E000-memory.dmp

Filesize
6.9MB

Download
memory/1212-2-0x00000000005E0000-0x0000000000634000-memory.dmp

Filesize
336KB

Download
memory/1212-3-0x0000000002210000-0x0000000002250000-memory.dmp

Filesize
256KB

Download
memory/1212-4-0x0000000000630000-0x000000000063A000-memory.dmp

Filesize
40KB

Download
memory/1212-5-0x0000000074C30000-0x000000007531E000-memory.dmp

Filesize
6.9MB

Download