ad21bc1a0b074c1bba859921accbdb4ab2089046dbb70b6631a7837f75ad9a68

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 08:51

Target

132335311d713f7b60af46d652aa02dc.exe
Size

86KB
MD5

132335311d713f7b60af46d652aa02dc
SHA1

b7130e1e3a9128dc70b782b54ea96c36a6922a55
SHA256

ad21bc1a0b074c1bba859921accbdb4ab2089046dbb70b6631a7837f75ad9a68
SHA512

7b6229116a90c8b4ceaea58e25cf04a197f04468adfb3c1444f9b728f32cd63916d324df03084dbc0a85c0c099b0ba787f5434abcb8839ba26245278b0dfc0b9
SSDEEP

1536:1KqW3QUmGKN0j+wt8fde+JWh8G5atTIBIAqMBgRLI6yOu2lVM3uCiT16WIw:u3DmG+i+rdJJW6GotEBIAqMBgRLI6yN7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 3904	4920	132335311d713f7b60af46d652aa02dc.exe	93
PID 4920 wrote to memory of 3904	4920	132335311d713f7b60af46d652aa02dc.exe	93
PID 4920 wrote to memory of 3904	4920	132335311d713f7b60af46d652aa02dc.exe	93

C:\Users\Admin\AppData\Local\Temp\132335311d713f7b60af46d652aa02dc.exe
"C:\Users\Admin\AppData\Local\Temp\132335311d713f7b60af46d652aa02dc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32 winexe.dll,run
  2⤵
  PID:3904

memory/4920-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download