29607cd37a3e8246d08a481635500a3f4078be0667006ba11c90c9b05f0c3a90

Analysis

max time kernel
146s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/12/2023, 22:57

Target

fe4f92ee77a5a8896427cf9d39a4f161.exe
Size

76KB
MD5

fe4f92ee77a5a8896427cf9d39a4f161
SHA1

966e90bb05ff5f82a9298527cadb4a28647e4e40
SHA256

29607cd37a3e8246d08a481635500a3f4078be0667006ba11c90c9b05f0c3a90
SHA512

b612aa3997b964d0b2473f5ad958d14895fadb112f264611fb4993397618b62463bf2293d83d03b40ca595a2b74f629cca33ba6594189a0a490fbbb3793b990d
SSDEEP

1536:SOHkDiElWAhMwQVyu/vKxaCU3ATwD23Yql8LwdBLUZrvYT2GbsB8V9UcV:SQWiElDhbYZ/vKxaCjMOhyaBLUZJGbsg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 208	2552	fe4f92ee77a5a8896427cf9d39a4f161.exe	18
PID 2552 wrote to memory of 208	2552	fe4f92ee77a5a8896427cf9d39a4f161.exe	18
PID 2552 wrote to memory of 208	2552	fe4f92ee77a5a8896427cf9d39a4f161.exe	18

C:\Users\Admin\AppData\Local\Temp\fe4f92ee77a5a8896427cf9d39a4f161.exe
"C:\Users\Admin\AppData\Local\Temp\fe4f92ee77a5a8896427cf9d39a4f161.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Users\Admin\AppData\Local\Temp\fe4f92ee77a5a8896427cf9d39a4f161.exe
  "C:\Users\Admin\AppData\Local\Temp\fe4f92ee77a5a8896427cf9d39a4f161.exe" 7986697283263464205
  2⤵
  PID:208

memory/208-1-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/208-5-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2552-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download