eb8d0fbfba03b3936c3dae9708a307e347436c19ab5a8dc5acf33dbf1e19bb37

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 05:59

Target

52b9ff27ccf676f86b9bdf083445b14b.exe
Size

186KB
MD5

52b9ff27ccf676f86b9bdf083445b14b
SHA1

257342c7792529e59b5e7f803629937229844b04
SHA256

eb8d0fbfba03b3936c3dae9708a307e347436c19ab5a8dc5acf33dbf1e19bb37
SHA512

fed8d9dd169bbd487e95c50667c023f5bf67e1dc4b1cf3d555cd5c1108eb22ab5df01f204e7713c613fc63618318a76c62ab71c21f53233756c0f1476464183a
SSDEEP

3072:pqPvgttb/bnq0GHpLcN/c2eZTmdHLO6btMSArsdN6I9TL2CwIpZxelskyufb+5Ne:wPvYty0spLcN/c2eZ4O6bCSbN6I9TL2T

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 1892	1888	52b9ff27ccf676f86b9bdf083445b14b.exe	16
PID 1888 wrote to memory of 1892	1888	52b9ff27ccf676f86b9bdf083445b14b.exe	16
PID 1888 wrote to memory of 1892	1888	52b9ff27ccf676f86b9bdf083445b14b.exe	16
PID 1888 wrote to memory of 1892	1888	52b9ff27ccf676f86b9bdf083445b14b.exe	16

C:\Users\Admin\AppData\Local\Temp\52b9ff27ccf676f86b9bdf083445b14b.exe
"C:\Users\Admin\AppData\Local\Temp\52b9ff27ccf676f86b9bdf083445b14b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\SysWOW64\hh.exe
  hh secedit.chm
  2⤵
  PID:1892