208e0cedb2659e97c4fc5155c0c580bd69da3c13ada3d12e680fffeee8bace1f

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 13:25

Target

beb75d1edc2e1d16145fb7fe57c52d5c.exe
Size

7KB
MD5

beb75d1edc2e1d16145fb7fe57c52d5c
SHA1

1523423a9a915d5adffbbafe14f47de312e7fcc3
SHA256

208e0cedb2659e97c4fc5155c0c580bd69da3c13ada3d12e680fffeee8bace1f
SHA512

18d6282ca100b582e7f1590694165bcff9ae60d71162f232a4ab9867c3ed0f2ec71b9306d8a8127dfed356861f2e05c56923a652aff98c41aeb8993d56218829
SSDEEP

96:WgQG6kHWjs8F7TssS61vF5cE2TYlnlYJnLeL0Kff345COv1r5RXmm6oajF:WZjs8NvS61wV2nlYJLeLTg4mn6n

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2940	dw20.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2940	2024	beb75d1edc2e1d16145fb7fe57c52d5c.exe	29
PID 2024 wrote to memory of 2940	2024	beb75d1edc2e1d16145fb7fe57c52d5c.exe	29
PID 2024 wrote to memory of 2940	2024	beb75d1edc2e1d16145fb7fe57c52d5c.exe	29

C:\Users\Admin\AppData\Local\Temp\beb75d1edc2e1d16145fb7fe57c52d5c.exe
"C:\Users\Admin\AppData\Local\Temp\beb75d1edc2e1d16145fb7fe57c52d5c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 408
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2940

memory/2024-0-0x000007FEF5270000-0x000007FEF5C0D000-memory.dmp

Filesize
9.6MB

Download
memory/2024-1-0x00000000003B0000-0x0000000000430000-memory.dmp

Filesize
512KB

Download
memory/2024-2-0x000007FEF5270000-0x000007FEF5C0D000-memory.dmp

Filesize
9.6MB

Download
memory/2024-4-0x000007FEF5270000-0x000007FEF5C0D000-memory.dmp

Filesize
9.6MB

Download
memory/2024-5-0x00000000003B0000-0x0000000000430000-memory.dmp

Filesize
512KB

Download
memory/2940-3-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download