ba85889bc2e7093a0db3b812c066269462cd8c490db50ffc85baf4ef197017da

Analysis

max time kernel
19s
max time network
19s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 11:07

Target

stub.exe
Size

50KB
MD5

0a50b0afc7d7fa53ec7c256282b93f93
SHA1

591e045ae8414693192dfd8a8e171d1d009be105
SHA256

437e17cb122b5fb733e78033a5c9739f1feba914efe01038bfe00df8d7840963
SHA512

b5b68c50027098a0dea889b9a865233e993a9e69504ae4c6da83aa9e24260450d84a37617a1a643fa6d41aadaa542d588e8b730a13752904324d2372b846e49d
SSDEEP

768:h3ZAtmLo0KOttHAh8MTKIh1GQX//WoHTCUJrhYVPvWo9UbgYv1rrl:h3ZAtmyiuh/bGQmoA/UbgYdF

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2128	2716	stub.exe	30
PID 2716 wrote to memory of 2128	2716	stub.exe	30
PID 2716 wrote to memory of 2128	2716	stub.exe	30

C:\Users\Admin\AppData\Local\Temp\stub.exe
"C:\Users\Admin\AppData\Local\Temp\stub.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 648
  2⤵
  PID:2128

memory/2128-4-0x0000000001D90000-0x0000000001D91000-memory.dmp

Filesize
4KB

Download
memory/2716-0-0x000007FEF63BE000-0x000007FEF63BF000-memory.dmp

Filesize
4KB

Download
memory/2716-1-0x000007FEF6100000-0x000007FEF6A9D000-memory.dmp

Filesize
9.6MB

Download
memory/2716-2-0x000007FEF6100000-0x000007FEF6A9D000-memory.dmp

Filesize
9.6MB

Download
memory/2716-3-0x000007FEF6100000-0x000007FEF6A9D000-memory.dmp

Filesize
9.6MB

Download
memory/2716-5-0x000007FEF6100000-0x000007FEF6A9D000-memory.dmp

Filesize
9.6MB

Download