c94513e0954819ae5513ae0136d7bdadb94e63de5e29c2c32b3eaa3a0df13eaf

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-01-2024 10:40

Target

Dѵ/ex/ex20_1/pro20_1.exe
Size

130KB
MD5

96e297475af8be5465bc8768bec6830c
SHA1

e8c9f8ab2a0a18552e8833319fc5a73df6364b3e
SHA256

e975414e2805396edf00534a7ab200936214edfcdc7d2312e7ef46916d63690f
SHA512

44159f15efae3b223466074e58517c435cc497a296bc1ebe665f415f3ed31d4619c8989dcb8d748ea6e5fb45629e967cdd9ac65b7cbbd6b79e0190b3d90a0f26
SSDEEP

1536:QyDsFDdz7szyWma0XR3OBeW90N4W/RcAUvMFMQiNXRAhuvbQU21o:F4TAI3a0N4W/RcoWRSuvbQ3o

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2864	2392	pro20_1.exe	29
PID 2392 wrote to memory of 2864	2392	pro20_1.exe	29
PID 2392 wrote to memory of 2864	2392	pro20_1.exe	29

C:\Users\Admin\AppData\Local\Temp\Dѵ\ex\ex20_1\pro20_1.exe
"C:\Users\Admin\AppData\Local\Temp\Dѵ\ex\ex20_1\pro20_1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:2864

memory/2392-0-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download