161413fcc3bf2e7ed877d7a86105c0de2ee0213b63d62945d276c85d37dc3cb1

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 13:44

Target

d6420fa900b81ad8133f44739bb210a5.exe
Size

500KB
MD5

d6420fa900b81ad8133f44739bb210a5
SHA1

3d36b893a1726ed6b57e164cdc167bad5293f826
SHA256

161413fcc3bf2e7ed877d7a86105c0de2ee0213b63d62945d276c85d37dc3cb1
SHA512

0710376a75bcc4abd2d745c3af904fc779ebe1fbdb38d9f9fd246ab3dfaebcbf0e6ab1303f3fad61439650707508ee677f69043a803bac95977e5bdab3caf9aa
SSDEEP

6144:mvFPWs6Diz2dCdSDTJmsucJ1BnSh5l6USlwCPJD0IapBbCk7KHqFv1ntX:gF9Ck+TJmsucJrSzww8JI3jPgk9n

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 320 wrote to memory of 2968	320	d6420fa900b81ad8133f44739bb210a5.exe	28
PID 320 wrote to memory of 2968	320	d6420fa900b81ad8133f44739bb210a5.exe	28
PID 320 wrote to memory of 2968	320	d6420fa900b81ad8133f44739bb210a5.exe	28
PID 320 wrote to memory of 2968	320	d6420fa900b81ad8133f44739bb210a5.exe	28

C:\Users\Admin\AppData\Local\Temp\d6420fa900b81ad8133f44739bb210a5.exe
"C:\Users\Admin\AppData\Local\Temp\d6420fa900b81ad8133f44739bb210a5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:320
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 476
  2⤵
  PID:2968

memory/320-0-0x0000000074290000-0x000000007483B000-memory.dmp

Filesize
5.7MB

Download
memory/320-1-0x0000000074290000-0x000000007483B000-memory.dmp

Filesize
5.7MB

Download
memory/320-2-0x0000000000D10000-0x0000000000D50000-memory.dmp

Filesize
256KB

Download
memory/320-4-0x0000000074290000-0x000000007483B000-memory.dmp

Filesize
5.7MB

Download
memory/320-5-0x0000000000D10000-0x0000000000D50000-memory.dmp

Filesize
256KB

Download
memory/2968-3-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/2968-6-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download