86c9b06f8228f20c1f8a391702bec3b013d46ace83da6c135266f83ad2bf17de

Resubmissions

17/05/2024, 19:28

17/05/2024, 19:28

17/05/2024, 19:27

max time kernel
119s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 19:28

Target

阿里文档备注(营业执照和经营前台流水信息).exe
Size

8.6MB
MD5

c75211a1ec9976e01f365188bf8a02ce
SHA1

5b4ab0d0501ed6e86dd410f6924b746a40f95f79
SHA256

719f7e66c2ca2a9d07bcd88a0b1b1bba0b572c7c78ec2997e1b9c56f0852410c
SHA512

0f89395024b09a0fd24390bdfc1c76a60ad5780f23718f9ed6009c740d9f0398b399b8fe221330c8df8b17cbc4e38826259b8f7cd4654faa830f7f176a07d707
SSDEEP

49152:CTaDOd34uKCgrb/TavO90d7HjmAFd4A64nsfJaardq9KOZG5vp0AzohGI+Yvaz8t:w34k5KAMpfpELgh1vGU9xEaodTqK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 720 wrote to memory of 1956	720	阿里文档备注(营业执照和经营前台流水信息).exe	100
PID 720 wrote to memory of 1956	720	阿里文档备注(营业执照和经营前台流水信息).exe	100
PID 720 wrote to memory of 1956	720	阿里文档备注(营业执照和经营前台流水信息).exe	100

C:\Users\Admin\AppData\Local\Temp\阿里文档备注(营业执照和经营前台流水信息).exe
"C:\Users\Admin\AppData\Local\Temp\阿里文档备注(营业执照和经营前台流水信息).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:720
- C:\Windows\notepad.exe
  "C:\Windows\notepad.exe"
  2⤵
  PID:1956

memory/720-0-0x00007FF6759E0000-0x00007FF6762DF000-memory.dmp

Filesize
9.0MB

Download
memory/720-1-0x00007FF6759E0000-0x00007FF6762DF000-memory.dmp

Filesize
9.0MB

Download
memory/720-3-0x00007FF6759E0000-0x00007FF6762DF000-memory.dmp

Filesize
9.0MB

Download
memory/720-8-0x00007FF6759E0000-0x00007FF6762DF000-memory.dmp

Filesize
9.0MB

Download
memory/1956-5-0x0000025024040000-0x0000025024089000-memory.dmp

Filesize
292KB

Download
memory/1956-6-0x0000025025AE0000-0x0000025025B36000-memory.dmp

Filesize
344KB

Download