b7da3b3684234f6959fc1b0bd217f111faa5b4048c62b6339320144d790ac178

Analysis

max time kernel
98s
max time network
51s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10-10-2024 17:49

Target

Cina/Desktop (2)/KeyFreeze/Lock2/Windows Lock 2.0.vshost.exe
Size

13KB
MD5

f2f77b99cad96e1b6ca06169f3553f40
SHA1

d8dc079a82b4942f36e8d11a0ff88b97c098a64a
SHA256

9149c19a31ff9ca73bf60893e2dfaa8fbefec42de2a288b1b32c15ff730955ca
SHA512

b12b8461d9ebc96e9e2cca5da66cf342e7eacfcbe00ab50180433ded7ca2426837ec2d280171eb8e95f092097ab5dc64b895973be2e31103b8f27e9062bdd915
SSDEEP

192:JgmxBqWeVmWeo6oEQKPnEt2yt8mJz+jaIhj74r:OM0WqmWjnELKt8Cy/jcr

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Windows Lock 2.0.vshost.exe

description	pid	process	target process
PID 2184 wrote to memory of 2076	2184	Windows Lock 2.0.vshost.exe	dw20.exe
PID 2184 wrote to memory of 2076	2184	Windows Lock 2.0.vshost.exe	dw20.exe
PID 2184 wrote to memory of 2076	2184	Windows Lock 2.0.vshost.exe	dw20.exe

C:\Users\Admin\AppData\Local\Temp\Cina\Desktop (2)\KeyFreeze\Lock2\Windows Lock 2.0.vshost.exe
"C:\Users\Admin\AppData\Local\Temp\Cina\Desktop (2)\KeyFreeze\Lock2\Windows Lock 2.0.vshost.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
dw20.exe -x -s 912
2⤵
PID:2076

memory/2076-9-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/2184-0-0x000007FEF5EDE000-0x000007FEF5EDF000-memory.dmp

Filesize
4KB

Download
memory/2184-8-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp

Filesize
9.6MB

Download
memory/2184-10-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp

Filesize
9.6MB

Download