ce8c6a3e5a86c1b0f5fa7a2f74feed5fc02eb1d27b60a389653f4591d0200d74

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 16:11

Target

ead70e827960fa47daf087bf15d9b9b7.exe
Size

282KB
MD5

ead70e827960fa47daf087bf15d9b9b7
SHA1

bba895bca47761fa529c3e15c88941e29498baa6
SHA256

ce8c6a3e5a86c1b0f5fa7a2f74feed5fc02eb1d27b60a389653f4591d0200d74
SHA512

4a1a7c8794e37af140b2b33eed39bb1470355b09ddf67d0e20a0fd44c4918a6f9b0795edd50254f8f2b884b46ab2d0de6916bcd1153090647e1919848f08857c
SSDEEP

6144:TAkl5iDtxKO7z8jamLbR9JWJWWJYJdz9kxqJHCRpY:TAq5iDtxKOv8pRvEHYviA

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

ead70e827960fa47daf087bf15d9b9b7.exe

description	pid	process	target process
PID 2632 wrote to memory of 3016	2632	ead70e827960fa47daf087bf15d9b9b7.exe	dw20.exe
PID 2632 wrote to memory of 3016	2632	ead70e827960fa47daf087bf15d9b9b7.exe	dw20.exe
PID 2632 wrote to memory of 3016	2632	ead70e827960fa47daf087bf15d9b9b7.exe	dw20.exe
PID 2632 wrote to memory of 3016	2632	ead70e827960fa47daf087bf15d9b9b7.exe	dw20.exe

C:\Users\Admin\AppData\Local\Temp\ead70e827960fa47daf087bf15d9b9b7.exe
"C:\Users\Admin\AppData\Local\Temp\ead70e827960fa47daf087bf15d9b9b7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2632

C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
dw20.exe -x -s 768
2⤵
PID:3016

memory/2632-0-0x0000000074F90000-0x000000007553B000-memory.dmp

Filesize
5.7MB

Download
memory/2632-1-0x0000000000070000-0x00000000000B0000-memory.dmp

Filesize
256KB

Download
memory/2632-2-0x0000000074F90000-0x000000007553B000-memory.dmp

Filesize
5.7MB

Download
memory/2632-5-0x0000000000070000-0x00000000000B0000-memory.dmp

Filesize
256KB

Download
memory/2632-4-0x0000000074F90000-0x000000007553B000-memory.dmp

Filesize
5.7MB

Download
memory/3016-3-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download