b4012c45423840f0e2e313bb0f66e545b383c714ebdff0e183f8ac33dd04d46c

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
06-02-2024 23:45

Target

b4012c45423840f0e2e313bb0f66e545b383c714ebdff0e183f8ac33dd04d46c.exe
Size

202KB
MD5

e428fb6a22ff6d709df5927ad238eda6
SHA1

b1c084409f8c368b60de67a8d5564e5e26806285
SHA256

b4012c45423840f0e2e313bb0f66e545b383c714ebdff0e183f8ac33dd04d46c
SHA512

4a2dc5d598bbb6c32c5a5bd4c097154eb7767d2e3fcd6a913e31e9d98740480a9a68443bc0f946a17e0ea7edfdbb615c34895de6cef9a6124a6533fdce39af39
SSDEEP

3072:kkEga0uyYPTM3rmjZvto2AKCK3WOad4RCuGGh6EX/vojs:kbp0OT3PAKjdNG06EI

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

b4012c45423840f0e2e313bb0f66e545b383c714ebdff0e183f8ac33dd04d46c.exe

description	pid	process	target process
PID 2088 wrote to memory of 2152	2088	b4012c45423840f0e2e313bb0f66e545b383c714ebdff0e183f8ac33dd04d46c.exe	notepad.exe
PID 2088 wrote to memory of 2152	2088	b4012c45423840f0e2e313bb0f66e545b383c714ebdff0e183f8ac33dd04d46c.exe	notepad.exe
PID 2088 wrote to memory of 2152	2088	b4012c45423840f0e2e313bb0f66e545b383c714ebdff0e183f8ac33dd04d46c.exe	notepad.exe

C:\Users\Admin\AppData\Local\Temp\b4012c45423840f0e2e313bb0f66e545b383c714ebdff0e183f8ac33dd04d46c.exe
"C:\Users\Admin\AppData\Local\Temp\b4012c45423840f0e2e313bb0f66e545b383c714ebdff0e183f8ac33dd04d46c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2088