a48742dfd6dc4e2a52117e9e30c9a4b9d857cec60c084ce48545ee327ab5965f

Analysis

max time kernel
21s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 07:47

Target

8d95a74a6d9f41b621b94b1b0de72b70N.exe
Size

86KB
MD5

8d95a74a6d9f41b621b94b1b0de72b70
SHA1

0bd5e5979bef3c41be208937685713346799a16e
SHA256

a48742dfd6dc4e2a52117e9e30c9a4b9d857cec60c084ce48545ee327ab5965f
SHA512

42e40a222e49b77a104cb0f25f8cc11926cc60d1152525c119495f9cd163ad8a0510d867010b8ba17f9d7e73a55b85b648689b2f59dcf72642df82c2f8e4f6ec
SSDEEP

1536:KlcPl/kojJ1AsgmPh1yLvsKKNClll85DathZ:KlcPlDj1y7sKKJpQ

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2708	2760	8d95a74a6d9f41b621b94b1b0de72b70N.exe	31
PID 2760 wrote to memory of 2708	2760	8d95a74a6d9f41b621b94b1b0de72b70N.exe	31
PID 2760 wrote to memory of 2708	2760	8d95a74a6d9f41b621b94b1b0de72b70N.exe	31
PID 2760 wrote to memory of 2708	2760	8d95a74a6d9f41b621b94b1b0de72b70N.exe	31

C:\Users\Admin\AppData\Local\Temp\8d95a74a6d9f41b621b94b1b0de72b70N.exe
"C:\Users\Admin\AppData\Local\Temp\8d95a74a6d9f41b621b94b1b0de72b70N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 408
  2⤵
  PID:2708

memory/2708-3-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/2760-0-0x0000000074B81000-0x0000000074B82000-memory.dmp

Filesize
4KB

Download
memory/2760-1-0x0000000074B80000-0x000000007512B000-memory.dmp

Filesize
5.7MB

Download
memory/2760-2-0x0000000074B80000-0x000000007512B000-memory.dmp

Filesize
5.7MB

Download
memory/2760-4-0x0000000074B80000-0x000000007512B000-memory.dmp

Filesize
5.7MB

Download