9b390b574f9e57f477d35288f1caa0cf3b3837c238a4dd8133ae9adc924b6117

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 21:01

Target

f7e77f65a4a79b7bdc22528676c8376e.exe
Size

188KB
MD5

f7e77f65a4a79b7bdc22528676c8376e
SHA1

44e4f03f66eee265917359447fd7c6c93ae7157e
SHA256

9b390b574f9e57f477d35288f1caa0cf3b3837c238a4dd8133ae9adc924b6117
SHA512

4b1ae0ea3a269676c1e033a1618fd4ae6115ea26d431f70c76bbda8593a311d0d464205cfc6af234137d99016229fdcee40f5d870aa48117a7a90931780f797f
SSDEEP

3072:VOZ4u1+dk9pHcGwxpjsKmyrhHcmE3YG7G4M3LrxbHH0Hy:Nkv9qjsnykoGiV7ry

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2500	3040	f7e77f65a4a79b7bdc22528676c8376e.exe	28
PID 3040 wrote to memory of 2500	3040	f7e77f65a4a79b7bdc22528676c8376e.exe	28
PID 3040 wrote to memory of 2500	3040	f7e77f65a4a79b7bdc22528676c8376e.exe	28
PID 3040 wrote to memory of 2500	3040	f7e77f65a4a79b7bdc22528676c8376e.exe	28

C:\Users\Admin\AppData\Local\Temp\f7e77f65a4a79b7bdc22528676c8376e.exe
"C:\Users\Admin\AppData\Local\Temp\f7e77f65a4a79b7bdc22528676c8376e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 420
  2⤵
  PID:2500

memory/2500-3-0x0000000001CD0000-0x0000000001CD1000-memory.dmp

Filesize
4KB

Download
memory/2500-5-0x0000000001CD0000-0x0000000001CD1000-memory.dmp

Filesize
4KB

Download
memory/3040-0-0x00000000748E0000-0x0000000074E8B000-memory.dmp

Filesize
5.7MB

Download
memory/3040-1-0x0000000000130000-0x0000000000170000-memory.dmp

Filesize
256KB

Download
memory/3040-2-0x00000000748E0000-0x0000000074E8B000-memory.dmp

Filesize
5.7MB

Download
memory/3040-4-0x00000000748E0000-0x0000000074E8B000-memory.dmp

Filesize
5.7MB

Download