474fa0359876ec8fdc154238159d1b7864b1b3792daa3e76144b2cd0fc77c3ba

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 21:25

Target

786dd6ae12cf963470c815c8eefc1fae.exe
Size

7KB
MD5

786dd6ae12cf963470c815c8eefc1fae
SHA1

6749930e03fd5ab1885fb1a90d9ae8763c6999ff
SHA256

474fa0359876ec8fdc154238159d1b7864b1b3792daa3e76144b2cd0fc77c3ba
SHA512

40fb04f401e256ff3c01fe1fd4f534a32b7a4b21e547a6f995fe4cb06368f9d0994e316f5202a77892a9172cfcec7cde53c7ba670a5c8fc16c7395805d36599b
SSDEEP

96:DSmG6kHWjs8FAWJ2sSorvF5cE2TYlnlYJnLeL0Kff345CHv1VRXmm6CBajF:DFjs85SuwV2nlYJLeLTg4l6CS

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2776	dw20.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2776	1820	786dd6ae12cf963470c815c8eefc1fae.exe	29
PID 1820 wrote to memory of 2776	1820	786dd6ae12cf963470c815c8eefc1fae.exe	29
PID 1820 wrote to memory of 2776	1820	786dd6ae12cf963470c815c8eefc1fae.exe	29

C:\Users\Admin\AppData\Local\Temp\786dd6ae12cf963470c815c8eefc1fae.exe
"C:\Users\Admin\AppData\Local\Temp\786dd6ae12cf963470c815c8eefc1fae.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 404
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2776

memory/1820-0-0x000007FEF58B0000-0x000007FEF624D000-memory.dmp

Filesize
9.6MB

Download
memory/1820-1-0x0000000000AC0000-0x0000000000B40000-memory.dmp

Filesize
512KB

Download
memory/1820-3-0x000007FEF58B0000-0x000007FEF624D000-memory.dmp

Filesize
9.6MB

Download
memory/1820-4-0x000007FEF58B0000-0x000007FEF624D000-memory.dmp

Filesize
9.6MB

Download
memory/1820-5-0x0000000000AC0000-0x0000000000B40000-memory.dmp

Filesize
512KB

Download
memory/2776-2-0x0000000000460000-0x0000000000461000-memory.dmp

Filesize
4KB

Download