dee91d6afa6e4a8bf023991ea457888d76fec872969537702f22a10b90409d20

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
15-11-2023 11:12

Target

386.exe
Size

52KB
MD5

0a5cf7d53182d26113ccf6be223301dd
SHA1

95e7ebb570184a6011499ee88f09aaa8b39daf02
SHA256

dee91d6afa6e4a8bf023991ea457888d76fec872969537702f22a10b90409d20
SHA512

6a5351da8b1ec17a38e99abe0a53c07fb356e2a9b1cd531a9e7dc5e95714fad4670aea2b4c02103eaa03938c2afc22b28b710a650e08a17349b2548ee0ded6ef
SSDEEP

768:hHF+rNQD0FtTuTmLGMFi/oMJuE8oeCUqr8XOKrXkT/7LAWB:xF+hQpTmLGsURevq8OKG/7Mc

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2076	dw20.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 2076	840	386.exe	29
PID 840 wrote to memory of 2076	840	386.exe	29
PID 840 wrote to memory of 2076	840	386.exe	29

C:\Users\Admin\AppData\Local\Temp\386.exe
"C:\Users\Admin\AppData\Local\Temp\386.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:840
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 396
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2076

memory/840-0-0x000007FEF5450000-0x000007FEF5DED000-memory.dmp

Filesize
9.6MB

Download
memory/840-1-0x0000000002050000-0x00000000020D0000-memory.dmp

Filesize
512KB

Download
memory/840-2-0x000007FEF5450000-0x000007FEF5DED000-memory.dmp

Filesize
9.6MB

Download
memory/840-4-0x000007FEF5450000-0x000007FEF5DED000-memory.dmp

Filesize
9.6MB

Download
memory/840-5-0x0000000002050000-0x00000000020D0000-memory.dmp

Filesize
512KB

Download
memory/2076-3-0x00000000004B0000-0x00000000004B1000-memory.dmp

Filesize
4KB

Download