ca85620bcc061e445651a17686b9cf6cfc5489c6cd8643e648d8c56ddb0572b8

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 22:49

Target

16fbf4c243ebc766aaabce830a1ff5b3.exe
Size

31KB
MD5

16fbf4c243ebc766aaabce830a1ff5b3
SHA1

7c81dff96673f894c65de156ce3c27d1f75b50d2
SHA256

ca85620bcc061e445651a17686b9cf6cfc5489c6cd8643e648d8c56ddb0572b8
SHA512

ffae9ee89163dc56961b8f153753802811b9d3422038e7563b42f4254d463c2175294eaf8418b4995a07a4d058c06d3ae856a4420ea542d9a685e1aaf8ed78f1
SSDEEP

768:/h7TzTBziifTeiZSVWihwEknh0L7OTLeNfQf7:/Z/nEkh8OTKNq

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1480	16fbf4c243ebc766aaabce830a1ff5b3.exe
1480	16fbf4c243ebc766aaabce830a1ff5b3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 1220	1480	16fbf4c243ebc766aaabce830a1ff5b3.exe	17
PID 1480 wrote to memory of 1220	1480	16fbf4c243ebc766aaabce830a1ff5b3.exe	17
PID 1480 wrote to memory of 1220	1480	16fbf4c243ebc766aaabce830a1ff5b3.exe	17
PID 1480 wrote to memory of 1220	1480	16fbf4c243ebc766aaabce830a1ff5b3.exe	17

memory/1220-2-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1220-5-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/1480-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1480-1-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-15-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1480-14-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download