3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
14-12-2023 05:06

Target

3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349.exe
Size

533KB
MD5

5a282fde0b4bde067ea3d07c2f614dbc
SHA1

61e26c00871ef622a6fbcdd529c4bbfeadf90e2f
SHA256

3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349
SHA512

897e59321e854f6cbd96d2c51cb4409032439e49d049f39ddb1d6de1cb21c2e575ca5d6d25d9682d00dad9a122e171fd1cdf4a576046b15dc4a9380a41a57a38
SSDEEP

6144:L6T8DG3+zMz4wwA191j7HawIAFZ4eN/+fA2QnCK6ViEhlDbxzJ+vuV1VGuvyCLgD:L6wi1DH19on64eN/+fp1U0JGy7z

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349.exe

description	pid	process	target process
PID 1672 wrote to memory of 2276	1672	3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349.exe	notepad.exe
PID 1672 wrote to memory of 2276	1672	3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349.exe	notepad.exe
PID 1672 wrote to memory of 2276	1672	3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349.exe	notepad.exe

C:\Users\Admin\AppData\Local\Temp\3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349.exe
"C:\Users\Admin\AppData\Local\Temp\3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1672