1a05b7b5953c11e6feec577a23a7c68b7c48a9c5891e2d4937a7174355c2ee4c

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 12:48

Target

数据ETL控制台.exe
Size

24KB
MD5

edc2a2f086b38c8c22018c7bcf20a1b7
SHA1

4c5699663f9241def76da876da6a4f42289d65df
SHA256

1a05b7b5953c11e6feec577a23a7c68b7c48a9c5891e2d4937a7174355c2ee4c
SHA512

969b843cdd774ecca958e5bc988ec05e4cbc1f6a885d776e52b813a924a31f8b94750ed873a543aea1e10b7817fc75c89a064c59bcc2863feee9f72ded09461a
SSDEEP

384:6scL55r/F7sjVvUV3SlKUjArrq66rrq6sSsMlOn4OgHPK:6375sjVv/ji8t1Hy

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2524	dw20.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2524	2040	数据ETL控制台.exe	29
PID 2040 wrote to memory of 2524	2040	数据ETL控制台.exe	29
PID 2040 wrote to memory of 2524	2040	数据ETL控制台.exe	29

C:\Users\Admin\AppData\Local\Temp\数据ETL控制台.exe
"C:\Users\Admin\AppData\Local\Temp\数据ETL控制台.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 368
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2524

memory/2040-1-0x0000000000A40000-0x0000000000AC0000-memory.dmp

Filesize
512KB

Download
memory/2040-0-0x000007FEF59C0000-0x000007FEF635D000-memory.dmp

Filesize
9.6MB

Download
memory/2040-3-0x000007FEF59C0000-0x000007FEF635D000-memory.dmp

Filesize
9.6MB

Download
memory/2040-4-0x0000000000A40000-0x0000000000AC0000-memory.dmp

Filesize
512KB

Download
memory/2524-2-0x0000000000480000-0x0000000000481000-memory.dmp

Filesize
4KB

Download