28491a67f887f7b150f741b3f5a1277a2e9cd3c8861e768c50f10581d8b7b485

Analysis

max time kernel
139s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 05:09

Target

66c7bed4d15ebcd0c3bb591032bec48c.exe
Size

95KB
MD5

66c7bed4d15ebcd0c3bb591032bec48c
SHA1

c68c78844d90896154acd9e623e8ff5687d5e194
SHA256

28491a67f887f7b150f741b3f5a1277a2e9cd3c8861e768c50f10581d8b7b485
SHA512

88cc314673f9932e808b00056efea371d8210e8c5df4146f22f32353cbdec13e2ef6220bde18d839d3d0d7231a7d17983df3c5a4fc0dc0c55807e00244cfce4b
SSDEEP

1536:/ZfQAm/nNfG5EoQ1rAbHwIUul9+hbdqQWYAxptV249wUn5D:RI1/gIAgC+hbBWYEjV2w

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2364	2952	66c7bed4d15ebcd0c3bb591032bec48c.exe	87
PID 2952 wrote to memory of 2364	2952	66c7bed4d15ebcd0c3bb591032bec48c.exe	87
PID 2952 wrote to memory of 2364	2952	66c7bed4d15ebcd0c3bb591032bec48c.exe	87

C:\Users\Admin\AppData\Local\Temp\66c7bed4d15ebcd0c3bb591032bec48c.exe
"C:\Users\Admin\AppData\Local\Temp\66c7bed4d15ebcd0c3bb591032bec48c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Windows\SysWOW64\userinit.exe
  "C:\Windows\system32\userinit.exe"
  2⤵
  PID:2364

memory/2952-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download