011920c45e273ec6f5d5fc19c464b5023c5945bf1fae76c10298a8d7e8d68319

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
12-06-2024 18:26

Target

THS55188.exe
Size

895KB
MD5

d7459fb5b1930ffb0857403a1c3157de
SHA1

9b873b51789b1009db6bfd34d4b9921fb2026cb6
SHA256

f999fcc5ef9f427bbbfe1c58d3c78c9a7dc12103d45a051d235ab07c5d3d0c4f
SHA512

f5effe1de04beb7e5917252025385d8b2e1d957431f238c234e9b429141b930cffc3028be9a40c23ef5c06a3d0ef90b8f3e8f98c7ed573bf98936e663701f381
SSDEEP

24576:89f2ZA67o413Yw/EQBO9eKllSOgPkPtyMx3akw9941uc:8eZAoo42gEQBO9eWwOgP7MNakGTc

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 2976	1452	THS55188.exe	28
PID 1452 wrote to memory of 2976	1452	THS55188.exe	28
PID 1452 wrote to memory of 2976	1452	THS55188.exe	28

C:\Users\Admin\AppData\Local\Temp\THS55188.exe
"C:\Users\Admin\AppData\Local\Temp\THS55188.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 500
  2⤵
  PID:2976

memory/1452-0-0x000007FEF5C8E000-0x000007FEF5C8F000-memory.dmp

Filesize
4KB

Download
memory/1452-1-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

Filesize
9.6MB

Download
memory/1452-2-0x000000001B1C0000-0x000000001B53A000-memory.dmp

Filesize
3.5MB

Download
memory/1452-3-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

Filesize
9.6MB

Download
memory/1452-5-0x000007FEF5C8E000-0x000007FEF5C8F000-memory.dmp

Filesize
4KB

Download
memory/1452-6-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

Filesize
9.6MB

Download
memory/2976-4-0x0000000000470000-0x0000000000471000-memory.dmp

Filesize
4KB

Download