87d400b054207a08cdd492b935358f3aa53ff126d7d885fe2783705561ea35ab

Analysis

max time kernel
119s
max time network
134s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
15/11/2023, 11:13

Target

2202.exe
Size

28KB
MD5

dbee5d6fb4559343ba99cf0ea5f20025
SHA1

a49e894f8f9dfba6c9406e3f98593c64bb8e5f9e
SHA256

87d400b054207a08cdd492b935358f3aa53ff126d7d885fe2783705561ea35ab
SHA512

97d5f039c147594f2fda9a08dedd8d591d94ef93f1376d308bd14ed5b26379890ab824f1719f8e1c54d67b1eca342a32f63380d84053c263288048edce023aab
SSDEEP

384:hRt9yv9TvP96ufTyokr17ZVr7sgQLB9pPCnhI5zHFiOS0pE:hjQv9dmABmcwOE

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2988	dw20.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2988	1700	2202.exe	28
PID 1700 wrote to memory of 2988	1700	2202.exe	28
PID 1700 wrote to memory of 2988	1700	2202.exe	28

C:\Users\Admin\AppData\Local\Temp\2202.exe
"C:\Users\Admin\AppData\Local\Temp\2202.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 388
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2988

memory/1700-0-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

Filesize
9.6MB

Download
memory/1700-1-0x0000000000B20000-0x0000000000BA0000-memory.dmp

Filesize
512KB

Download
memory/1700-3-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

Filesize
9.6MB

Download
memory/1700-4-0x0000000000B20000-0x0000000000BA0000-memory.dmp

Filesize
512KB

Download
memory/2988-2-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download