cebdd43547cad62d146a612856a18e92545e92dcbc8c9dd6940a6ab270aa41b5

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:02

Target

tmperxm73dr.exe
Size

12KB
MD5

83dd5287d978f55bcef28ea792565858
SHA1

dc763dc35e8444fb5f3b22db2adb86413dd7fc09
SHA256

cebdd43547cad62d146a612856a18e92545e92dcbc8c9dd6940a6ab270aa41b5
SHA512

8eeaa7dd80a765bee6f4ed698964f0b92d14ab84d43b3a298b0bb58b7b9338f8f82d418500ac67d8067bf081eb11e3feb97c24b92f92b4b6cb43cbe6b6b80c2d
SSDEEP

192:M2Pv10CrU8RNLoYL1RNoXPJioK86qh7x758J9L8YimVM6+/ve4gNhD:ZPvVjz52Pj16qJx7+9LfJipjgNh

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

tmperxm73dr.exe

description	pid	process	target process
PID 624 wrote to memory of 2996	624	tmperxm73dr.exe	dw20.exe
PID 624 wrote to memory of 2996	624	tmperxm73dr.exe	dw20.exe
PID 624 wrote to memory of 2996	624	tmperxm73dr.exe	dw20.exe

C:\Users\Admin\AppData\Local\Temp\tmperxm73dr.exe
"C:\Users\Admin\AppData\Local\Temp\tmperxm73dr.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:624

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
dw20.exe -x -s 396
2⤵
PID:2996

memory/624-0-0x000007FEF5680000-0x000007FEF601D000-memory.dmp

Filesize
9.6MB

Download
memory/624-1-0x0000000000B10000-0x0000000000B90000-memory.dmp

Filesize
512KB

Download
memory/624-2-0x000007FEF5680000-0x000007FEF601D000-memory.dmp

Filesize
9.6MB

Download
memory/624-4-0x000007FEF5680000-0x000007FEF601D000-memory.dmp

Filesize
9.6MB

Download
memory/624-5-0x0000000000B10000-0x0000000000B90000-memory.dmp

Filesize
512KB

Download
memory/2996-3-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download