a4b72bc722028cec151ea4989fc19607f6b78d7dba90ce89b23355cffab6a101

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16-09-2024 22:53

Target

report.exe
Size

171KB
MD5

0490e4682182beb78dbd1d38a0c06710
SHA1

21630d537409fc3543096ce2fbbff703a249cdf8
SHA256

b47ffaafc061171b1e974de37aa21fdc15fa27a70641e03b1c103cad70feb445
SHA512

9efc319632c067402e264b25157100082c6b7b10fe69447e081a174a2a4ec5b6cc7a5b8e487e83ff80d5e0c6760edea5dfdd197532cb7b65631ab6c67c4fffc6
SSDEEP

3072:EGq0qx4vehcVKrlgYTep7TReAQYgRU1f8Ev0VevFpP3Bm51bGAQJKuQ3:fq0qxvlyh7g/YgR4fJFpP3Bm51Ta

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 1200	2472	report.exe	30
PID 2472 wrote to memory of 1200	2472	report.exe	30
PID 2472 wrote to memory of 1200	2472	report.exe	30

C:\Users\Admin\AppData\Local\Temp\report.exe
"C:\Users\Admin\AppData\Local\Temp\report.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 452
  2⤵
  PID:1200

memory/1200-4-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/2472-0-0x000007FEF582E000-0x000007FEF582F000-memory.dmp

Filesize
4KB

Download
memory/2472-1-0x00000000001E0000-0x00000000001F2000-memory.dmp

Filesize
72KB

Download
memory/2472-2-0x000007FEF5570000-0x000007FEF5F0D000-memory.dmp

Filesize
9.6MB

Download
memory/2472-3-0x000007FEF5570000-0x000007FEF5F0D000-memory.dmp

Filesize
9.6MB

Download
memory/2472-5-0x000007FEF5570000-0x000007FEF5F0D000-memory.dmp

Filesize
9.6MB

Download
memory/2472-6-0x000007FEF582E000-0x000007FEF582F000-memory.dmp

Filesize
4KB

Download