13a00ac5c9f88febef3a823f18e372ea29d631d28907394d14be21872536b494

Analysis

max time kernel
123s
max time network
124s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
26/11/2023, 17:01

Target

documentpdf.exe
Size

78KB
MD5

3610e8e2807dbb278d023de198076f6f
SHA1

74398f842aaa8230854ad37142931463447c8a02
SHA256

13a00ac5c9f88febef3a823f18e372ea29d631d28907394d14be21872536b494
SHA512

cd93769798dbc60adc5c1572e487bc9d2b22102423eb5676085470b6d44091156d7227d5737c8ea2baee38c5e205de6419de50ca5ed4c559f5bb0fa8c000b1c9
SSDEEP

768:8KADWfMy+9GSU2Ip4jBqltCF0AxEjenoB69+Fx:DADV39GSFHBWAxEjc+

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2528	dw20.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2528	1704	documentpdf.exe	28
PID 1704 wrote to memory of 2528	1704	documentpdf.exe	28
PID 1704 wrote to memory of 2528	1704	documentpdf.exe	28
PID 1704 wrote to memory of 2528	1704	documentpdf.exe	28

C:\Users\Admin\AppData\Local\Temp\documentpdf.exe
"C:\Users\Admin\AppData\Local\Temp\documentpdf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 852
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2528

memory/1704-0-0x0000000074FB0000-0x000000007555B000-memory.dmp

Filesize
5.7MB

Download
memory/1704-2-0x0000000001F50000-0x0000000001F90000-memory.dmp

Filesize
256KB

Download
memory/1704-1-0x0000000074FB0000-0x000000007555B000-memory.dmp

Filesize
5.7MB

Download
memory/1704-3-0x0000000074FB0000-0x000000007555B000-memory.dmp

Filesize
5.7MB

Download
memory/1704-4-0x0000000001F50000-0x0000000001F90000-memory.dmp

Filesize
256KB

Download
memory/2528-5-0x00000000004D0000-0x00000000004D1000-memory.dmp

Filesize
4KB

Download
memory/2528-6-0x00000000004D0000-0x00000000004D1000-memory.dmp

Filesize
4KB

Download