e837869352cfaee7b04a0586797b68e141681a27c5874a59a180bbd05c791dcb

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 10:57

Target

4380d00d938c557c37899ede1733c5d0.exe
Size

28KB
MD5

4380d00d938c557c37899ede1733c5d0
SHA1

13b8b570d28ea00a28f5dac023968b54120c7e78
SHA256

e837869352cfaee7b04a0586797b68e141681a27c5874a59a180bbd05c791dcb
SHA512

784b6b767ee14b88862a4d1f93c65a0fbfb1661c5d6eff112a7555ca15ff63d81c4a47f6fcc3b12f257932446fa683beb44a72d163200a38cc1f7d4a61deb9d5
SSDEEP

384:ty7gu35fPR5rS/dXt59VRFFk7ufJdbywMj8oc6CnGruDPCaNMhrzUNNR:tyETfy7wvDPCGMHcR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 2868	2744	4380d00d938c557c37899ede1733c5d0.exe	27
PID 2744 wrote to memory of 2868	2744	4380d00d938c557c37899ede1733c5d0.exe	27
PID 2744 wrote to memory of 2868	2744	4380d00d938c557c37899ede1733c5d0.exe	27

C:\Users\Admin\AppData\Local\Temp\4380d00d938c557c37899ede1733c5d0.exe
"C:\Users\Admin\AppData\Local\Temp\4380d00d938c557c37899ede1733c5d0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 444
  2⤵
  PID:2868

memory/2744-0-0x000007FEF53B0000-0x000007FEF5D4D000-memory.dmp

Filesize
9.6MB

Download
memory/2744-1-0x0000000000C70000-0x0000000000CF0000-memory.dmp

Filesize
512KB

Download
memory/2744-2-0x000007FEF53B0000-0x000007FEF5D4D000-memory.dmp

Filesize
9.6MB

Download
memory/2744-3-0x0000000000C70000-0x0000000000CF0000-memory.dmp

Filesize
512KB

Download
memory/2744-5-0x000007FEF53B0000-0x000007FEF5D4D000-memory.dmp

Filesize
9.6MB

Download
memory/2744-6-0x0000000000C70000-0x0000000000CF0000-memory.dmp

Filesize
512KB

Download
memory/2868-4-0x0000000001DE0000-0x0000000001DE1000-memory.dmp

Filesize
4KB

Download