81b6c9cb93133518057cd77f47395836bdfdb870edde6d84313e5a865bd92cdb

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20-12-2023 06:43

Target

81b6c9cb93133518057cd77f47395836bdfdb870edde6d84313e5a865bd92cdb.exe
Size

136KB
MD5

f0a15b7bb8d82ee6579fa84d30dd1874
SHA1

23088476193eaec08e8434cd46bbd2cf7cce6799
SHA256

81b6c9cb93133518057cd77f47395836bdfdb870edde6d84313e5a865bd92cdb
SHA512

61567a330d093a6c1315dea4785f4499f4ec89f53252e11afa0963c84a0a9cdd0b8a435b7f19a123abeab5376632102245641fcbc1351725c83c16409fb2712a
SSDEEP

3072:tFeoEUoEHoE30voEWCloEQoEWCloEZoEao8aoE+NAiRQoEBrLoEbRoE7+MnoEzo3:P8NA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 1596	1740	81b6c9cb93133518057cd77f47395836bdfdb870edde6d84313e5a865bd92cdb.exe	29
PID 1740 wrote to memory of 1596	1740	81b6c9cb93133518057cd77f47395836bdfdb870edde6d84313e5a865bd92cdb.exe	29
PID 1740 wrote to memory of 1596	1740	81b6c9cb93133518057cd77f47395836bdfdb870edde6d84313e5a865bd92cdb.exe	29

C:\Users\Admin\AppData\Local\Temp\81b6c9cb93133518057cd77f47395836bdfdb870edde6d84313e5a865bd92cdb.exe
"C:\Users\Admin\AppData\Local\Temp\81b6c9cb93133518057cd77f47395836bdfdb870edde6d84313e5a865bd92cdb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe"
  2⤵
  PID:1596

memory/1740-0-0x000000013F6E0000-0x000000013F703000-memory.dmp

Filesize
140KB

Download