851beb66763265cd7ae6f4eb97a23da10ad2950db5f5013238a1b4ecfce468af

Analysis

max time kernel
37s
max time network
19s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 19:16

Target

BG3ModManager.exe
Size

710KB
MD5

428688620db9cbbee8cba82c72bb3ace
SHA1

7354c01e10233032538a11b4bb1edca1c427caeb
SHA256

851beb66763265cd7ae6f4eb97a23da10ad2950db5f5013238a1b4ecfce468af
SHA512

df7ef9d3a500451f234e27680b7ec9629e25c2993d27d5d833b3d2cc04be3814db255b1d24a6fa8b8b135d598139348605a3af0df98e62191ed5bc30b104c5c6
SSDEEP

12288:bEg6FwIvCpXlGkWiw2nyBL8JvRkiZ1vhd:oDwyCpXlGkUkyBLOkiX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2064	1948	BG3ModManager.exe	28
PID 1948 wrote to memory of 2064	1948	BG3ModManager.exe	28
PID 1948 wrote to memory of 2064	1948	BG3ModManager.exe	28

C:\Users\Admin\AppData\Local\Temp\BG3ModManager.exe
"C:\Users\Admin\AppData\Local\Temp\BG3ModManager.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1948 -s 628
  2⤵
  PID:2064

memory/1948-0-0x0000000000F90000-0x0000000001044000-memory.dmp

Filesize
720KB

Download
memory/1948-1-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/1948-2-0x000000001BFE0000-0x000000001C060000-memory.dmp

Filesize
512KB

Download
memory/1948-3-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/1948-4-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download