e3a1cbeaf11f7b5d337e499433bb1923c3edec87fc59e4ba6bb8a89f6f94fb35

Analysis

max time kernel
86s
max time network
34s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 21:44

Target

fa4afe4dbfe8693675477a6d6927c06b.exe
Size

306KB
MD5

fa4afe4dbfe8693675477a6d6927c06b
SHA1

c4495dfb5d3339a97c300e3afacd6072f69cf88a
SHA256

e3a1cbeaf11f7b5d337e499433bb1923c3edec87fc59e4ba6bb8a89f6f94fb35
SHA512

9214fa6ed7aedf7d4596c2113d271e11d20c9eab08e4d162d2103d5188c0794cabf9aaad469e0ccfd7e415aed309888fd4814843b5c0c36a569d029ef7dc035b
SSDEEP

6144:YwJdf2Pb1Mv1vth+cWzD5mMeJV3We4WMrL/jB9XWGOwr5UpUhUjU8UG9U:j7eT1MJP+nleZ4WMr7jP

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 3068	1684	fa4afe4dbfe8693675477a6d6927c06b.exe	29
PID 1684 wrote to memory of 3068	1684	fa4afe4dbfe8693675477a6d6927c06b.exe	29
PID 1684 wrote to memory of 3068	1684	fa4afe4dbfe8693675477a6d6927c06b.exe	29
PID 1684 wrote to memory of 3068	1684	fa4afe4dbfe8693675477a6d6927c06b.exe	29

C:\Users\Admin\AppData\Local\Temp\fa4afe4dbfe8693675477a6d6927c06b.exe
"C:\Users\Admin\AppData\Local\Temp\fa4afe4dbfe8693675477a6d6927c06b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 488
  2⤵
  PID:3068

memory/1684-0-0x0000000074610000-0x0000000074BBB000-memory.dmp

Filesize
5.7MB

Download
memory/1684-1-0x0000000074610000-0x0000000074BBB000-memory.dmp

Filesize
5.7MB

Download
memory/1684-2-0x0000000002320000-0x0000000002360000-memory.dmp

Filesize
256KB

Download
memory/1684-4-0x0000000074610000-0x0000000074BBB000-memory.dmp

Filesize
5.7MB

Download
memory/1684-5-0x0000000002320000-0x0000000002360000-memory.dmp

Filesize
256KB

Download
memory/3068-3-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/3068-6-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download