5d8395da202f071752c4dd80280026c20d632c075a07c06ec31ea3455e51061e

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 14:53

Target

0260d254e2897d9f08bc6936a0f4f2de.exe
Size

1.4MB
MD5

0260d254e2897d9f08bc6936a0f4f2de
SHA1

f100b2f4d90a33835c7cb86b27340b4aceda9278
SHA256

5d8395da202f071752c4dd80280026c20d632c075a07c06ec31ea3455e51061e
SHA512

b49e1ea132d1e3fd282f27a0252af753e1ebe9014030b866316ad70290c16f04e363648ca79be866abc298643b78e0f7f38e53f2da2677a8c0a3119adae54bff
SSDEEP

24576:ylnjI9LmIUu6TVaML+TKWmA7xvRVjTAuI0kU5vBCAsK4sqo7kf:ylY613qT7I0kQBV4sqSkf

Score

1^/10

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 2120	2472	0260d254e2897d9f08bc6936a0f4f2de.exe	28
PID 2472 wrote to memory of 2120	2472	0260d254e2897d9f08bc6936a0f4f2de.exe	28
PID 2472 wrote to memory of 2120	2472	0260d254e2897d9f08bc6936a0f4f2de.exe	28
PID 2472 wrote to memory of 2120	2472	0260d254e2897d9f08bc6936a0f4f2de.exe	28
PID 2472 wrote to memory of 2120	2472	0260d254e2897d9f08bc6936a0f4f2de.exe	28
PID 2472 wrote to memory of 2120	2472	0260d254e2897d9f08bc6936a0f4f2de.exe	28
PID 2472 wrote to memory of 2120	2472	0260d254e2897d9f08bc6936a0f4f2de.exe	28
PID 2120 wrote to memory of 2396	2120	Net.exe	30
PID 2120 wrote to memory of 2396	2120	Net.exe	30
PID 2120 wrote to memory of 2396	2120	Net.exe	30
PID 2120 wrote to memory of 2396	2120	Net.exe	30
PID 2120 wrote to memory of 2396	2120	Net.exe	30
PID 2120 wrote to memory of 2396	2120	Net.exe	30
PID 2120 wrote to memory of 2396	2120	Net.exe	30

C:\Users\Admin\AppData\Local\Temp\0260d254e2897d9f08bc6936a0f4f2de.exe
"C:\Users\Admin\AppData\Local\Temp\0260d254e2897d9f08bc6936a0f4f2de.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Windows\SysWOW64\Net.exe
  Net Stop PcaSvc
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2120
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 Stop PcaSvc
    3⤵
    PID:2396

memory/2472-2-0x0000000000400000-0x00000000004A5000-memory.dmp

Filesize
660KB

Download