93b71b581da1108399f1d95d2b475309c7477f0c01c53f0747bae83ded0c9061

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/04/2024, 10:12

Target

COCKTA~1.exe
Size

570KB
MD5

706bf659bc3470be42613799580e036e
SHA1

1e84f53882e3fa8563b9ed4ad63bd98a31efe9ce
SHA256

c88df8c97951601cf7fdbe9d81ca0d9f64a0022b03dfd44d50795375d8a1980f
SHA512

cc494cc196ea48e401cc9095c2a6959b15f689366c44cf584a4c359a9d341dbc97935caf9feeb682d84ccbe4a4555757d697966344b73237434eab7e610f5d58
SSDEEP

3072:JLarXJo8tA5egsi5ivZMJyFtfIKwAbf0T5OyQRmss7e6NWZZndH6lYZc:gAiCozIlAbs0yQR07fUZNdh

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2948	2008	COCKTA~1.exe	28
PID 2008 wrote to memory of 2948	2008	COCKTA~1.exe	28
PID 2008 wrote to memory of 2948	2008	COCKTA~1.exe	28

C:\Users\Admin\AppData\Local\Temp\COCKTA~1.exe
"C:\Users\Admin\AppData\Local\Temp\COCKTA~1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 456
  2⤵
  PID:2948

memory/2008-0-0x000007FEF6050000-0x000007FEF69ED000-memory.dmp

Filesize
9.6MB

Download
memory/2008-1-0x0000000000A50000-0x0000000000AD0000-memory.dmp

Filesize
512KB

Download
memory/2008-2-0x0000000000A50000-0x0000000000AD0000-memory.dmp

Filesize
512KB

Download
memory/2008-4-0x000007FEF6050000-0x000007FEF69ED000-memory.dmp

Filesize
9.6MB

Download
memory/2008-5-0x0000000000A50000-0x0000000000AD0000-memory.dmp

Filesize
512KB

Download
memory/2948-3-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download