1b14242fe34c166e7842a1c108c69fcce2d31484cc93ed803f1b28b46a0baeea

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
08-11-2023 07:47

Target

Purchase Order.exe
Size

367KB
MD5

e9d5ee7c8be48ac6eebf50e1f7f5f861
SHA1

b217a9d47c3a62fe3ac52a149abb4e302e664bae
SHA256

1b14242fe34c166e7842a1c108c69fcce2d31484cc93ed803f1b28b46a0baeea
SHA512

2048ccf72dbe507c5f1b88d3edb3c64b27a05a40f67eb28a0bec16f2aaa5f62602303cd8c1e77f195ffc54806a65e0d118722418cd98747c365a7077bc5be0bd
SSDEEP

6144:yAY8QgjLaR06ziRI5HiZB/rPf+ywWlTJYJzp4Xkj8jKOexbYl41mOds8wJdbrrhh:BaR06ziRI5HgdrX5nlTJoz2XkMKOexbc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

Purchase Order.exe

description	pid	process	target process
PID 2248 wrote to memory of 2756	2248	Purchase Order.exe	RegAsm.exe
PID 2248 wrote to memory of 2756	2248	Purchase Order.exe	RegAsm.exe
PID 2248 wrote to memory of 2756	2248	Purchase Order.exe	RegAsm.exe
PID 2248 wrote to memory of 2756	2248	Purchase Order.exe	RegAsm.exe
PID 2248 wrote to memory of 2756	2248	Purchase Order.exe	RegAsm.exe
PID 2248 wrote to memory of 2756	2248	Purchase Order.exe	RegAsm.exe
PID 2248 wrote to memory of 2756	2248	Purchase Order.exe	RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe
"C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2248

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
2⤵
PID:2756

memory/2248-0-0x0000000000280000-0x00000000002E2000-memory.dmp

Filesize
392KB

Download
memory/2248-1-0x00000000747E0000-0x0000000074ECE000-memory.dmp

Filesize
6.9MB

Download
memory/2248-2-0x00000000004E0000-0x0000000000534000-memory.dmp

Filesize
336KB

Download
memory/2248-3-0x00000000747E0000-0x0000000074ECE000-memory.dmp

Filesize
6.9MB

Download
memory/2248-4-0x0000000004A80000-0x0000000004AC0000-memory.dmp

Filesize
256KB

Download
memory/2248-5-0x0000000000350000-0x000000000035A000-memory.dmp

Filesize
40KB

Download
memory/2248-6-0x00000000747E0000-0x0000000074ECE000-memory.dmp

Filesize
6.9MB

Download