1626307a63872a2d8aacb3f0d7b2b53001e8130f1e7d448501955bee49165748

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
15/11/2023, 11:26

Target

Sourceforge_3661.exe
Size

16KB
MD5

021c0e7a940ac129f11ad05fec99373f
SHA1

65d2518e60b7ed77b437572cb6b30e187d2b48dd
SHA256

1626307a63872a2d8aacb3f0d7b2b53001e8130f1e7d448501955bee49165748
SHA512

ebc777406c2ef520233651380f8826f02f4e15c8b783f4bdffb392af3444e086c0f668423cde2c17dc6083206d349289c2aedddf545644e1882fb6ff9ca86a29
SSDEEP

96:ofxsT7gcD5tJtkhAvDa+a1mQGbur2zId:oZW7gu5bGhnJ0ur2S

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1736	dw20.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 1736	1652	Sourceforge_3661.exe	29
PID 1652 wrote to memory of 1736	1652	Sourceforge_3661.exe	29
PID 1652 wrote to memory of 1736	1652	Sourceforge_3661.exe	29
PID 1652 wrote to memory of 1736	1652	Sourceforge_3661.exe	29

C:\Users\Admin\AppData\Local\Temp\Sourceforge_3661.exe
"C:\Users\Admin\AppData\Local\Temp\Sourceforge_3661.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 420
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1736

memory/1652-0-0x0000000074640000-0x0000000074BEB000-memory.dmp

Filesize
5.7MB

Download
memory/1652-1-0x0000000074640000-0x0000000074BEB000-memory.dmp

Filesize
5.7MB

Download
memory/1652-2-0x00000000020C0000-0x0000000002100000-memory.dmp

Filesize
256KB

Download
memory/1652-4-0x0000000074640000-0x0000000074BEB000-memory.dmp

Filesize
5.7MB

Download
memory/1652-5-0x00000000020C0000-0x0000000002100000-memory.dmp

Filesize
256KB

Download
memory/1736-3-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download