6d3d5b793f9f254375b20dabf7a238e197bd9c41d76972355798bad0f627f070

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-09-2024 16:21

Target

5f505be89747969738eef0b4686ecfa0N.exe
Size

16KB
MD5

5f505be89747969738eef0b4686ecfa0
SHA1

d32d89ffd2738954d626847fdf19c5f5fea3257d
SHA256

6d3d5b793f9f254375b20dabf7a238e197bd9c41d76972355798bad0f627f070
SHA512

45c3834c8111849900e0c9fca6d93400120ea368011ea2dd476af00e81c69de3ae605387d74cc389e81ce1b23f6affb469fbb99e9143190ec2e2f43cc1be4cdc
SSDEEP

192:D9wcSzji9GczuLvccqgmcupGwCKjIPk39IP3eYrlvqm2x8LET:pwliGYuLvccbmBywknPl8Ci

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 276 wrote to memory of 2312	276	5f505be89747969738eef0b4686ecfa0N.exe	32
PID 276 wrote to memory of 2312	276	5f505be89747969738eef0b4686ecfa0N.exe	32
PID 276 wrote to memory of 2312	276	5f505be89747969738eef0b4686ecfa0N.exe	32

C:\Users\Admin\AppData\Local\Temp\5f505be89747969738eef0b4686ecfa0N.exe
"C:\Users\Admin\AppData\Local\Temp\5f505be89747969738eef0b4686ecfa0N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:276
- C:\Windows\system32\calc.exe
  calc.exe
  2⤵
  PID:2312

memory/276-0-0x0000000000050000-0x0000000000051000-memory.dmp

Filesize
4KB

Download
memory/276-1-0x000000013FB00000-0x000000013FB0D000-memory.dmp

Filesize
52KB

Download