41dc05ca4ddb01269cc719ceadf4b5e66b0646b9229d504a56d3ce555cfe3818

Analysis

max time kernel
153s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 19:32

Target

68744b215a0674bc010a0f37836892d2.exe
Size

112KB
MD5

68744b215a0674bc010a0f37836892d2
SHA1

0ea2c8790236b1931c5425675bde55d7f98eaff3
SHA256

41dc05ca4ddb01269cc719ceadf4b5e66b0646b9229d504a56d3ce555cfe3818
SHA512

b457d66075ce44d69026c6b2512479a18b548abf44ed422ce1967ebb61c8f9bda5c1c2fdedce8f977c8a399c54d2b3fba6946e8f3cb4ad5f13db2f97a12edbe4
SSDEEP

3072:89M3Myt9uEjsvFyxBPNqDYkyKgittgLUhs1xcGH+UvNQ:8y3MythwyxBOYkgVUhMxcu+Uv

Score

1^/10

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 4276	3916	68744b215a0674bc010a0f37836892d2.exe	88
PID 3916 wrote to memory of 4276	3916	68744b215a0674bc010a0f37836892d2.exe	88
PID 3916 wrote to memory of 4276	3916	68744b215a0674bc010a0f37836892d2.exe	88
PID 3916 wrote to memory of 4276	3916	68744b215a0674bc010a0f37836892d2.exe	88
PID 3916 wrote to memory of 4276	3916	68744b215a0674bc010a0f37836892d2.exe	88

C:\Users\Admin\AppData\Local\Temp\68744b215a0674bc010a0f37836892d2.exe
"C:\Users\Admin\AppData\Local\Temp\68744b215a0674bc010a0f37836892d2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe
  2⤵
  PID:4276

memory/3916-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3916-1-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/3916-2-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3916-3-0x00000000008C0000-0x00000000008D2000-memory.dmp

Filesize
72KB

Download
memory/3916-4-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3916-5-0x0000000000910000-0x000000000091E000-memory.dmp

Filesize
56KB

Download