b16de5a88afd43f43e50894cc567a1e54e5e3216abf7b106258f7ab397013ff5

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-03-2024 14:46

Target

c3a1c86f2601027892ae0b811de97ec3.exe
Size

26KB
MD5

c3a1c86f2601027892ae0b811de97ec3
SHA1

4edf05ca185149189f3e04922b4bb998237bf2da
SHA256

b16de5a88afd43f43e50894cc567a1e54e5e3216abf7b106258f7ab397013ff5
SHA512

a70cadad2f862bad09733c2a11e936b768b2384b6f0fb9ce519bc198a2c1a36e5fd5ec1b0807559c07e76211aadc3f75eb472658cc950bc798c4a512b097a39a
SSDEEP

384:tdUKwCxbgSWFT+zNklKNT9jny+c1J+LYF2EQJdryQyn4a3Zsnh:nUKwCxbgSuqzNklKrnBSQJNfyH3Zsh

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 2484	1200	c3a1c86f2601027892ae0b811de97ec3.exe	28
PID 1200 wrote to memory of 2484	1200	c3a1c86f2601027892ae0b811de97ec3.exe	28
PID 1200 wrote to memory of 2484	1200	c3a1c86f2601027892ae0b811de97ec3.exe	28
PID 1200 wrote to memory of 2484	1200	c3a1c86f2601027892ae0b811de97ec3.exe	28

C:\Users\Admin\AppData\Local\Temp\c3a1c86f2601027892ae0b811de97ec3.exe
"C:\Users\Admin\AppData\Local\Temp\c3a1c86f2601027892ae0b811de97ec3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 380
  2⤵
  PID:2484

memory/1200-0-0x0000000074650000-0x0000000074BFB000-memory.dmp

Filesize
5.7MB

Download
memory/1200-1-0x0000000074650000-0x0000000074BFB000-memory.dmp

Filesize
5.7MB

Download
memory/1200-2-0x00000000005C0000-0x0000000000600000-memory.dmp

Filesize
256KB

Download
memory/1200-4-0x0000000074650000-0x0000000074BFB000-memory.dmp

Filesize
5.7MB

Download
memory/1200-5-0x00000000005C0000-0x0000000000600000-memory.dmp

Filesize
256KB

Download
memory/2484-3-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/2484-6-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download