d36071884086b10b302c2acd43c33d15fe73369b927ba9002d32db9409567241

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
18-09-2023 06:23

Target

migrate.exe
Size

527KB
MD5

e037f718b8cce79341ada551605a430b
SHA1

3cb5fd873c934859ebb3518bb0e2659afb1fd43e
SHA256

d36071884086b10b302c2acd43c33d15fe73369b927ba9002d32db9409567241
SHA512

4ece2e71e02a543e5d6ab9bece7ba4f467ca888ae5cfbcf40616ea233d3372bd37d199b33b6a725db0fc71a6e4210272b60a822cd8a76d8d6a5ebc8996c0abbb
SSDEEP

6144:OAWCdX5gCP7/rut/WunWx+rcn1taJZZsHrZa6Igy5RmK/MR/D2lDeDiXAR3AM7O1:rdonbg1fhbUO3A+vO4xQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2744	2792	migrate.exe	29
PID 2792 wrote to memory of 2744	2792	migrate.exe	29
PID 2792 wrote to memory of 2744	2792	migrate.exe	29

C:\Users\Admin\AppData\Local\Temp\migrate.exe
"C:\Users\Admin\AppData\Local\Temp\migrate.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2792 -s 548
  2⤵
  PID:2744

memory/2792-0-0x0000000000820000-0x00000000008A8000-memory.dmp

Filesize
544KB

Download
memory/2792-1-0x000007FEF5390000-0x000007FEF5D7C000-memory.dmp

Filesize
9.9MB

Download
memory/2792-2-0x000000001AD80000-0x000000001AE00000-memory.dmp

Filesize
512KB

Download
memory/2792-3-0x000007FEF5390000-0x000007FEF5D7C000-memory.dmp

Filesize
9.9MB

Download
memory/2792-4-0x000000001AD80000-0x000000001AE00000-memory.dmp

Filesize
512KB

Download