53448d43f440fd581bdf597fb4db17e541c14c9573a00c2488f743c30183c298

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:00

Target

NewTweakOrderV1.06_Patch0.6E/NewTweakOrder.exe
Size

2.1MB
MD5

8c79c40a9b130a5251bd2dac434ef55d
SHA1

2ab4a87f48ce502c1a3383fc468d961831c681ad
SHA256

b93a3c0ea9a498a4c9bc4d943d58c59dbeeafe7bab7080b0d722ad5a50228625
SHA512

2cdc3c8543d1dfbac3d5bcb76d1c19b967b7e6f9c0db9adbfc28b62f0dadb8fe722e84131794bcadfb030a8663486045e71a447f7e7ec30f070821cf134763fa
SSDEEP

3072:cxWibGT9HCy5KPmHorzdkMv9sV0BPukgXGWyUmHIHT78So9Jl:0dbGT9HcHd19sUd5WyUmHIHT7BQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

NewTweakOrder.exe

description	pid	process	target process
PID 2580 wrote to memory of 2212	2580	NewTweakOrder.exe	dw20.exe
PID 2580 wrote to memory of 2212	2580	NewTweakOrder.exe	dw20.exe
PID 2580 wrote to memory of 2212	2580	NewTweakOrder.exe	dw20.exe

C:\Users\Admin\AppData\Local\Temp\NewTweakOrderV1.06_Patch0.6E\NewTweakOrder.exe
"C:\Users\Admin\AppData\Local\Temp\NewTweakOrderV1.06_Patch0.6E\NewTweakOrder.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2580

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
dw20.exe -x -s 472
2⤵
PID:2212

memory/2212-5-0x0000000000460000-0x0000000000461000-memory.dmp

Filesize
4KB

Download
memory/2580-0-0x000007FEF53EE000-0x000007FEF53EF000-memory.dmp

Filesize
4KB

Download
memory/2580-1-0x000007FEF5130000-0x000007FEF5ACD000-memory.dmp

Filesize
9.6MB

Download
memory/2580-2-0x000007FEF5130000-0x000007FEF5ACD000-memory.dmp

Filesize
9.6MB

Download
memory/2580-3-0x000007FEF5130000-0x000007FEF5ACD000-memory.dmp

Filesize
9.6MB

Download
memory/2580-4-0x000007FEF5130000-0x000007FEF5ACD000-memory.dmp

Filesize
9.6MB

Download
memory/2580-6-0x000007FEF5130000-0x000007FEF5ACD000-memory.dmp

Filesize
9.6MB

Download