5410b4b87e32b1ecc58b7d56014dfa0c5e839838b49c80ab23fe48a68b253226

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05/05/2024, 11:57

Target

ClientFtp.exe
Size

276KB
MD5

03079bf95d7647589ec6a01f2f66c832
SHA1

61d2ea55534e4214e15d31c0bc0ff61c73c09d6e
SHA256

5410b4b87e32b1ecc58b7d56014dfa0c5e839838b49c80ab23fe48a68b253226
SHA512

f9d5dd78345e0e2843063a7189903298d62f2716e7d6de36d158685953264c73299fdefd72d52d6569b34c132a43022acb695eacfb8ad4abe7f243bac551d012
SSDEEP

3072:+ty1FbSe3TCpE0mWzuRtceRVfLT+vzX1MDevAI6zKZYGSbp:+toFbSe3OpqRF+vqeZYG0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1256	2220	ClientFtp.exe	28
PID 2220 wrote to memory of 1256	2220	ClientFtp.exe	28
PID 2220 wrote to memory of 1256	2220	ClientFtp.exe	28

C:\Users\Admin\AppData\Local\Temp\ClientFtp.exe
"C:\Users\Admin\AppData\Local\Temp\ClientFtp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 396
  2⤵
  PID:1256

memory/1256-3-0x0000000000470000-0x0000000000471000-memory.dmp

Filesize
4KB

Download
memory/2220-0-0x000007FEF5F2E000-0x000007FEF5F2F000-memory.dmp

Filesize
4KB

Download
memory/2220-1-0x000007FEF5C70000-0x000007FEF660D000-memory.dmp

Filesize
9.6MB

Download
memory/2220-2-0x000007FEF5C70000-0x000007FEF660D000-memory.dmp

Filesize
9.6MB

Download
memory/2220-4-0x000007FEF5C70000-0x000007FEF660D000-memory.dmp

Filesize
9.6MB

Download