101ff63e0bc829029faeba8f27d3ee23b7e8b10d23298952db3e4f2c37036e65

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-01-2024 15:16

Target

56cf061c67af8ca29adcd17d2b0aca37.exe
Size

562KB
MD5

56cf061c67af8ca29adcd17d2b0aca37
SHA1

ad3cef9622d1c71e8ba24211da638eed4551b825
SHA256

101ff63e0bc829029faeba8f27d3ee23b7e8b10d23298952db3e4f2c37036e65
SHA512

69599b926b5b751ffd6fba37a6e7382bc452bbbd40cbc5dd2855ee277132352ff1863dc53bbef565c7f312ed3ec8edd4da62671c21c5c3e471f02feec788707c
SSDEEP

6144:Wwi95fk/6/3ZAJSn6rXofxu+UEyYSzdlJRCP3n6x2qX4/eohM5rM1N7OkZvgUNM2:WDCC3xu+Jyvdx2qo/05rM1zOdzXaFj7

Score

1^/10

Suspicious use of UnmapMainImage 3 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 2520	1440	56cf061c67af8ca29adcd17d2b0aca37.exe	28
PID 1440 wrote to memory of 2520	1440	56cf061c67af8ca29adcd17d2b0aca37.exe	28
PID 1440 wrote to memory of 2520	1440	56cf061c67af8ca29adcd17d2b0aca37.exe	28
PID 1440 wrote to memory of 2520	1440	56cf061c67af8ca29adcd17d2b0aca37.exe	28
PID 1440 wrote to memory of 2536	1440	56cf061c67af8ca29adcd17d2b0aca37.exe	29
PID 1440 wrote to memory of 2536	1440	56cf061c67af8ca29adcd17d2b0aca37.exe	29
PID 1440 wrote to memory of 2536	1440	56cf061c67af8ca29adcd17d2b0aca37.exe	29
PID 1440 wrote to memory of 2536	1440	56cf061c67af8ca29adcd17d2b0aca37.exe	29

C:\Users\Admin\AppData\Local\Temp\56cf061c67af8ca29adcd17d2b0aca37.exe
"C:\Users\Admin\AppData\Local\Temp\56cf061c67af8ca29adcd17d2b0aca37.exe"
1⤵
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Users\Admin\AppData\Local\Temp\56cf061c67af8ca29adcd17d2b0aca37.exe
  start
  2⤵
  - Suspicious use of UnmapMainImage
  PID:2520
- C:\Users\Admin\AppData\Local\Temp\56cf061c67af8ca29adcd17d2b0aca37.exe
  watch
  2⤵
  - Suspicious use of UnmapMainImage
  PID:2536

memory/1440-0-0x0000000000230000-0x000000000024F000-memory.dmp

Filesize
124KB

Download
memory/1440-2-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2520-3-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2520-5-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2536-4-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2536-6-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download