8e28b914229f3d23f0e2df17abe3074bd3a83d72d62ca62d0605bc92e9b934d8

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 13:16

Target

21169db244f2679c4aa86345a5eaf767.exe
Size

17KB
MD5

21169db244f2679c4aa86345a5eaf767
SHA1

5175f64f561203054283de1906672defd1bed83b
SHA256

8e28b914229f3d23f0e2df17abe3074bd3a83d72d62ca62d0605bc92e9b934d8
SHA512

172f057a722de17b0557c47dae7c9ea606d887d64edabad1594e225bc40d7f8fc442383c2d3068693d112cfafac1bdb58310d4d3fe141b3c282dd3be06b5a1bc
SSDEEP

192:sJ/PMkjD44MP7nAxgwCMrpY7e8LqPZo5LdCfq1Rn6O3G:sJ/PMD4qAxgr6+e9Pfqbn1G

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 2340	1464	21169db244f2679c4aa86345a5eaf767.exe	29
PID 1464 wrote to memory of 2340	1464	21169db244f2679c4aa86345a5eaf767.exe	29
PID 1464 wrote to memory of 2340	1464	21169db244f2679c4aa86345a5eaf767.exe	29
PID 1464 wrote to memory of 2340	1464	21169db244f2679c4aa86345a5eaf767.exe	29

C:\Users\Admin\AppData\Local\Temp\21169db244f2679c4aa86345a5eaf767.exe
"C:\Users\Admin\AppData\Local\Temp\21169db244f2679c4aa86345a5eaf767.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2340

memory/1464-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download