691657263b83be96ff754dd2fb6aa643b7ecb1ddc28e00a256669f71bc6b5a42

Analysis

max time kernel
119s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 23:11

Target

426c8811709d333fb35e5b845c0d2864.exe
Size

20KB
MD5

426c8811709d333fb35e5b845c0d2864
SHA1

0603badbca458f5b0fcfc27397c73c8ff095b14d
SHA256

691657263b83be96ff754dd2fb6aa643b7ecb1ddc28e00a256669f71bc6b5a42
SHA512

6fd43b84a304371d7bb4da0e11fcb08f71e5e35e4a3aaa2a7542f9d3f3c4d4915f95d797956567d7c4139e9c103aaed96455dbce18cf05f6f61986f7945d64fd
SSDEEP

384:CiTs/9ubUsLpzB5MXh3UXR3rdCTam2cukzrNX2EuJLjd5dpkUcly5h78g1cO:Ci4wIsLdWQ5+am7tVXExdus5h7h1H

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 1660	1072	426c8811709d333fb35e5b845c0d2864.exe	28
PID 1072 wrote to memory of 1660	1072	426c8811709d333fb35e5b845c0d2864.exe	28
PID 1072 wrote to memory of 1660	1072	426c8811709d333fb35e5b845c0d2864.exe	28

C:\Users\Admin\AppData\Local\Temp\426c8811709d333fb35e5b845c0d2864.exe
"C:\Users\Admin\AppData\Local\Temp\426c8811709d333fb35e5b845c0d2864.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 396
  2⤵
  PID:1660

memory/1072-0-0x000007FEF6000000-0x000007FEF699D000-memory.dmp

Filesize
9.6MB

Download
memory/1072-1-0x0000000000B50000-0x0000000000BD0000-memory.dmp

Filesize
512KB

Download
memory/1072-2-0x000007FEF6000000-0x000007FEF699D000-memory.dmp

Filesize
9.6MB

Download
memory/1072-4-0x000007FEF6000000-0x000007FEF699D000-memory.dmp

Filesize
9.6MB

Download
memory/1072-5-0x0000000000B50000-0x0000000000BD0000-memory.dmp

Filesize
512KB

Download
memory/1660-3-0x0000000000460000-0x0000000000461000-memory.dmp

Filesize
4KB

Download