4bafab598cdf5369e949d949c1b53405f40d15ef2e3ad11d4ccf5bc93a336737

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-02-2024 22:12

Target

a2d89645c41036f88ad7b5eea00623cd.exe
Size

10KB
MD5

a2d89645c41036f88ad7b5eea00623cd
SHA1

aafa99a1f7838a8f61037d6473c4a04f0fb111f2
SHA256

4bafab598cdf5369e949d949c1b53405f40d15ef2e3ad11d4ccf5bc93a336737
SHA512

4832529793fcf47d7a6d6b849c2f656a241a848a3c5b74fcf2fc85fd0bad1eb55e8e76def60988989f97935d502cfebdecf08d3e16e5572582c4339c98247a61
SSDEEP

192:FwOHe99cRJnMlZ8KLDCau5iBfhH8xyLiwbXGeks9uYZr0L6UG3OYfy27wijW:yL9WRpMlZRexipxbXGed9uYx07YJjW

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2992	2952	a2d89645c41036f88ad7b5eea00623cd.exe	28
PID 2952 wrote to memory of 2992	2952	a2d89645c41036f88ad7b5eea00623cd.exe	28
PID 2952 wrote to memory of 2992	2952	a2d89645c41036f88ad7b5eea00623cd.exe	28
PID 2952 wrote to memory of 2992	2952	a2d89645c41036f88ad7b5eea00623cd.exe	28

C:\Users\Admin\AppData\Local\Temp\a2d89645c41036f88ad7b5eea00623cd.exe
"C:\Users\Admin\AppData\Local\Temp\a2d89645c41036f88ad7b5eea00623cd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\a2d89645c41036f88ad7b5eea00623cd.exe"
  2⤵
  PID:2992

memory/2952-0-0x0000000000400000-0x000000000090A000-memory.dmp

Filesize
5.0MB

Download
memory/2952-1-0x0000000000400000-0x000000000090A000-memory.dmp

Filesize
5.0MB

Download
memory/2952-2-0x0000000000220000-0x0000000000222000-memory.dmp

Filesize
8KB

Download
memory/2952-3-0x0000000000400000-0x000000000090A000-memory.dmp

Filesize
5.0MB

Download