3b246faa7e4b2a8550aa619f4da893db83721aacf62b46e5863644a5249aa87e

Analysis

max time kernel
135s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 12:33

Target

E906FA3D51E86A61741B3499145A114E9BFB7C56.exe
Size

261KB
MD5

6d3d62a4cff19b4f2cc7ce9027c33be8
SHA1

e906fa3d51e86a61741b3499145a114e9bfb7c56
SHA256

afaba2400552c7032a5c4c6e6151df374d0e98dc67204066281e30e6699dbd18
SHA512

973643639cb02491b86d5b264ee8118a67d8a83453307aea95de2f4c6aa55819d37730c41dc3338116ebe86f9a4f2bba7d9537ea744ae08b9755f05c15153fad
SSDEEP

6144:93g0BQG+aZiycigV5bbEo6dZbBODPIsjQ/UFsYWo:93g0OGjZiycigVRbObBODTMUdj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 4424	3500	E906FA3D51E86A61741B3499145A114E9BFB7C56.exe	90
PID 3500 wrote to memory of 4424	3500	E906FA3D51E86A61741B3499145A114E9BFB7C56.exe	90
PID 3500 wrote to memory of 4424	3500	E906FA3D51E86A61741B3499145A114E9BFB7C56.exe	90

C:\Users\Admin\AppData\Local\Temp\E906FA3D51E86A61741B3499145A114E9BFB7C56.exe
"C:\Users\Admin\AppData\Local\Temp\E906FA3D51E86A61741B3499145A114E9BFB7C56.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Users\Admin\AppData\Local\Temp\E906FA3D51E86A61741B3499145A114E9BFB7C56.exe
  C:\Users\Admin\AppData\Local\Temp\E906FA3D51E86A61741B3499145A114E9BFB7C56.exe
  2⤵
  PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4176,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4100 /prefetch:8
1⤵
PID:2756

memory/3500-0-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download