1670ee90a8b9725975b27ac19f30799349e5fbc5ccac2372bdfe89aca886ecb3

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 22:41

Target

87da85f62c9a955f26ab884c66dd5266.exe
Size

532KB
MD5

87da85f62c9a955f26ab884c66dd5266
SHA1

222d336d2c6b4f99701086cd8e1560bf2d6bca85
SHA256

1670ee90a8b9725975b27ac19f30799349e5fbc5ccac2372bdfe89aca886ecb3
SHA512

1655473ae3dc559c6edc953b5849f382eb4ec5402d641793a2ec3f979004357034cde78527a87f7bbbdeaa91fee6829255e1306a382b6f5de8d9f6e32cfe3085
SSDEEP

12288:F/i+54tAPDRxdJEj/1ExA2fmSuqSNEV+VVKs8f5:R54tgDRxdyWm21uvNfVVqf5

Score

1^/10

Suspicious use of UnmapMainImage 3 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 2560	1652	87da85f62c9a955f26ab884c66dd5266.exe	28
PID 1652 wrote to memory of 2560	1652	87da85f62c9a955f26ab884c66dd5266.exe	28
PID 1652 wrote to memory of 2560	1652	87da85f62c9a955f26ab884c66dd5266.exe	28
PID 1652 wrote to memory of 2560	1652	87da85f62c9a955f26ab884c66dd5266.exe	28
PID 1652 wrote to memory of 1752	1652	87da85f62c9a955f26ab884c66dd5266.exe	29
PID 1652 wrote to memory of 1752	1652	87da85f62c9a955f26ab884c66dd5266.exe	29
PID 1652 wrote to memory of 1752	1652	87da85f62c9a955f26ab884c66dd5266.exe	29
PID 1652 wrote to memory of 1752	1652	87da85f62c9a955f26ab884c66dd5266.exe	29

C:\Users\Admin\AppData\Local\Temp\87da85f62c9a955f26ab884c66dd5266.exe
"C:\Users\Admin\AppData\Local\Temp\87da85f62c9a955f26ab884c66dd5266.exe"
1⤵
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Users\Admin\AppData\Local\Temp\87da85f62c9a955f26ab884c66dd5266.exe
  start
  2⤵
  - Suspicious use of UnmapMainImage
  PID:2560
- C:\Users\Admin\AppData\Local\Temp\87da85f62c9a955f26ab884c66dd5266.exe
  watch
  2⤵
  - Suspicious use of UnmapMainImage
  PID:1752

memory/1652-0-0x0000000000230000-0x0000000000240000-memory.dmp

Filesize
64KB

Download
memory/1652-2-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/1652-1-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/1752-4-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/1752-6-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/2560-3-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/2560-5-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download