478761641f13cfdd0e428b012fd0d2da1f26a0ddc1c2db236a2e479f83937c0b

Analysis

max time kernel
122s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 21:29

Target

49d0a6907b99142e0cb73caff79075f0.exe
Size

80KB
MD5

49d0a6907b99142e0cb73caff79075f0
SHA1

5cff68157adb32f742264f5d964cc17430ce97f6
SHA256

478761641f13cfdd0e428b012fd0d2da1f26a0ddc1c2db236a2e479f83937c0b
SHA512

c7bd55a4eb9d3ca6dab7386cb91220281fc30bf559e67e03e59a1ca463f007dd82d4ea16e6d48af328a6248cac750ce7e7a07bdb2a8a7042cd08603259962ceb
SSDEEP

1536:q8V6HGavhgaYbY4cklCOj3SYLt4pSXreNHRVhqKuESGkQDb:q8Vqnvsp8Oj3zt4AXrQVhhTu4b

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2480	49d0a6907b99142e0cb73caff79075f0.exe
2480	49d0a6907b99142e0cb73caff79075f0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 1244	2480	49d0a6907b99142e0cb73caff79075f0.exe	9
PID 2480 wrote to memory of 1244	2480	49d0a6907b99142e0cb73caff79075f0.exe	9
PID 2480 wrote to memory of 1244	2480	49d0a6907b99142e0cb73caff79075f0.exe	9
PID 2480 wrote to memory of 1244	2480	49d0a6907b99142e0cb73caff79075f0.exe	9

memory/1244-3-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1244-6-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/2480-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2480-1-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2480-16-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2480-15-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download