511315a38d1bc9523122bde74afdfa0b5b0ab1c1f64bd20974399eff069e6e0f

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 11:06

Target

19882d1c6c0a2ef3cf45de107eb68149.exe
Size

7KB
MD5

19882d1c6c0a2ef3cf45de107eb68149
SHA1

b693160ac466b71fe3b32b8840624e9a3cfa4121
SHA256

511315a38d1bc9523122bde74afdfa0b5b0ab1c1f64bd20974399eff069e6e0f
SHA512

2a582c563a9e357c17e2ff32e8b5ae44ccf66c46337672a640495e3478e61b7cc0d227c4cd092890c30367bb8bb8eae9f7c31b18a36185ecfdb55f82db632aec
SSDEEP

96:HuWG6kHWjs8pACr2sS6Ke5cE2TYlnlYJnLeL0Kff345Czsov1VRXmm68ajF:H5js8nS6+V2nlYJLeLTg4Ao6T

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2856	dw20.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2856	3000	19882d1c6c0a2ef3cf45de107eb68149.exe	29
PID 3000 wrote to memory of 2856	3000	19882d1c6c0a2ef3cf45de107eb68149.exe	29
PID 3000 wrote to memory of 2856	3000	19882d1c6c0a2ef3cf45de107eb68149.exe	29

C:\Users\Admin\AppData\Local\Temp\19882d1c6c0a2ef3cf45de107eb68149.exe
"C:\Users\Admin\AppData\Local\Temp\19882d1c6c0a2ef3cf45de107eb68149.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 404
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2856

memory/2856-3-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/3000-0-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

Filesize
9.6MB

Download
memory/3000-1-0x0000000000A60000-0x0000000000AE0000-memory.dmp

Filesize
512KB

Download
memory/3000-2-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

Filesize
9.6MB

Download
memory/3000-4-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

Filesize
9.6MB

Download
memory/3000-5-0x0000000000A60000-0x0000000000AE0000-memory.dmp

Filesize
512KB

Download