65dd64cc9bd5af31984d3028361129a0e77eb753bdd309437da1cd20e66b1d9d

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
07/11/2023, 13:54

Target

Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Platinum.exe
Size

768KB
MD5

1124b66dcc9b65ff340f3c84e52b381e
SHA1

82b8d41859526c9a3a10918c45d9fe6230bac48d
SHA256

6b2c44a1ac45ee9972ab1d83e7f4df8d92ec5b6554863461a609d20056cce14a
SHA512

f8e92489e0c9c22b8eb36f6ac967e668a7f9d02a5e0f7145ebcfe128aa5d4f882871acedd5d0120a2a8cb18aeac301737df504d4c84123d37a3e102eeafac73e
SSDEEP

12288:m2iNhTNB1SVVwYw03Qe6wn62zkRYRKnQ7s5A0eF/q2u6aZzQGaSC1ESY7A:m1RQ3Q3FEphw2vGaSC1ESY7A

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 1308	2108	Platinum.exe	28
PID 2108 wrote to memory of 1308	2108	Platinum.exe	28
PID 2108 wrote to memory of 1308	2108	Platinum.exe	28

C:\Users\Admin\AppData\Local\Temp\Platinum_Configurator_1.5.2.0\Application Files\Platinum_1_5_2_0\Platinum.exe
"C:\Users\Admin\AppData\Local\Temp\Platinum_Configurator_1.5.2.0\Application Files\Platinum_1_5_2_0\Platinum.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2108 -s 616
  2⤵
  PID:1308

memory/2108-0-0x0000000001070000-0x0000000001136000-memory.dmp

Filesize
792KB

Download
memory/2108-1-0x000007FEF55A0000-0x000007FEF5F8C000-memory.dmp

Filesize
9.9MB

Download
memory/2108-2-0x000000001B240000-0x000000001B2C0000-memory.dmp

Filesize
512KB

Download
memory/2108-3-0x000007FEF55A0000-0x000007FEF5F8C000-memory.dmp

Filesize
9.9MB

Download
memory/2108-4-0x000000001B240000-0x000000001B2C0000-memory.dmp

Filesize
512KB

Download