8da16afca85c8723cf67087b40e1279d6eb6ed3cf07b68ac10555c1fb2b83f46

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
15/11/2023, 11:12

Target

2066.exe
Size

6KB
MD5

176a511e7c6c2ec0e168019afe1b9485
SHA1

4f936e4059f9d63780c4aca11533f9f1184b779b
SHA256

8da16afca85c8723cf67087b40e1279d6eb6ed3cf07b68ac10555c1fb2b83f46
SHA512

3c47e43b29deb74e8ec9716f6a54332a335f3a0459f067cbcd02a86cf5ced0592f93597a90718b4afbed709c4fec6a8333e1751827bbcd04b74f817239f806bf
SSDEEP

96:B7wpoTbuNXdvZrlyScMrTItmunudma60m:GmbWdhASFTITeE

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2256	dw20.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2256	2428	2066.exe	29
PID 2428 wrote to memory of 2256	2428	2066.exe	29
PID 2428 wrote to memory of 2256	2428	2066.exe	29
PID 2428 wrote to memory of 2256	2428	2066.exe	29

C:\Users\Admin\AppData\Local\Temp\2066.exe
"C:\Users\Admin\AppData\Local\Temp\2066.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 424
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2256

memory/2256-3-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/2256-6-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/2428-0-0x0000000074050000-0x00000000745FB000-memory.dmp

Filesize
5.7MB

Download
memory/2428-1-0x0000000001F90000-0x0000000001FD0000-memory.dmp

Filesize
256KB

Download
memory/2428-2-0x0000000074050000-0x00000000745FB000-memory.dmp

Filesize
5.7MB

Download
memory/2428-4-0x0000000074050000-0x00000000745FB000-memory.dmp

Filesize
5.7MB

Download
memory/2428-5-0x0000000001F90000-0x0000000001FD0000-memory.dmp

Filesize
256KB

Download