65d31a5361f040573b51a68eccc5ac8be519669dc876b12184d584e50d702026

Analysis

max time kernel
122s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:24

Target

06dab81c4b2e202c034efb79520d148a.exe
Size

609KB
MD5

06dab81c4b2e202c034efb79520d148a
SHA1

58d66283ec722746a47c983572a61b03f8a38c4e
SHA256

65d31a5361f040573b51a68eccc5ac8be519669dc876b12184d584e50d702026
SHA512

4099e4fdc29aaba62ed83ab3ee2df406f80ad1b940aadb09f80805bdec0064045359e2982af1e7191f0aef808222b414e261d1b1ab4fcdb95ac79189698a41c7
SSDEEP

12288:xUC4pZeOp6RvJDH2TgXztceht3UQcwgra88:xwTeK6JJSYcehbgra88

Score

1^/10

Suspicious use of UnmapMainImage 3 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 2908	2272	06dab81c4b2e202c034efb79520d148a.exe	29
PID 2272 wrote to memory of 2908	2272	06dab81c4b2e202c034efb79520d148a.exe	29
PID 2272 wrote to memory of 2908	2272	06dab81c4b2e202c034efb79520d148a.exe	29
PID 2272 wrote to memory of 2908	2272	06dab81c4b2e202c034efb79520d148a.exe	29
PID 2272 wrote to memory of 2700	2272	06dab81c4b2e202c034efb79520d148a.exe	28
PID 2272 wrote to memory of 2700	2272	06dab81c4b2e202c034efb79520d148a.exe	28
PID 2272 wrote to memory of 2700	2272	06dab81c4b2e202c034efb79520d148a.exe	28
PID 2272 wrote to memory of 2700	2272	06dab81c4b2e202c034efb79520d148a.exe	28

C:\Users\Admin\AppData\Local\Temp\06dab81c4b2e202c034efb79520d148a.exe
"C:\Users\Admin\AppData\Local\Temp\06dab81c4b2e202c034efb79520d148a.exe"
1⤵
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Users\Admin\AppData\Local\Temp\06dab81c4b2e202c034efb79520d148a.exe
  watch
  2⤵
  - Suspicious use of UnmapMainImage
  PID:2700
- C:\Users\Admin\AppData\Local\Temp\06dab81c4b2e202c034efb79520d148a.exe
  start
  2⤵
  - Suspicious use of UnmapMainImage
  PID:2908

memory/2272-0-0x000000007EF90000-0x000000007EFAF000-memory.dmp

Filesize
124KB

Download
memory/2272-2-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2700-4-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2700-6-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2908-3-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2908-5-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download