cabb148610fef40726c5b176e2a625c536e75354f95d12d7795f58617c374379

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18-01-2024 13:27

Target

crracked.exe
Size

604KB
MD5

c9b7bf105255e40b2b35830d013a90b1
SHA1

b9c0edcf799e8a23ef9cc6e75cdec07c74ae2692
SHA256

cabb148610fef40726c5b176e2a625c536e75354f95d12d7795f58617c374379
SHA512

1755fc76bdc5e9353f3b1d8a9abd25dfe3c98de70a58a6442ac60fea8f1043c168457c23bcc6a1bac1f84074c25b9759514be707780a140139027324405c144e
SSDEEP

12288:CfOeBsj4VdhXsACVlRqwCd/iq//sNcWJe:CfzBsMVLQVlRqw4KqjWs

Score

1^/10

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 3012	880	crracked.exe	29
PID 880 wrote to memory of 3012	880	crracked.exe	29
PID 880 wrote to memory of 3012	880	crracked.exe	29
PID 3012 wrote to memory of 3044	3012	cmd.exe	30
PID 3012 wrote to memory of 3044	3012	cmd.exe	30
PID 3012 wrote to memory of 3044	3012	cmd.exe	30
PID 3012 wrote to memory of 3052	3012	cmd.exe	31
PID 3012 wrote to memory of 3052	3012	cmd.exe	31
PID 3012 wrote to memory of 3052	3012	cmd.exe	31
PID 3012 wrote to memory of 3060	3012	cmd.exe	32
PID 3012 wrote to memory of 3060	3012	cmd.exe	32
PID 3012 wrote to memory of 3060	3012	cmd.exe	32
PID 880 wrote to memory of 2688	880	crracked.exe	33
PID 880 wrote to memory of 2688	880	crracked.exe	33
PID 880 wrote to memory of 2688	880	crracked.exe	33

C:\Users\Admin\AppData\Local\Temp\crracked.exe
"C:\Users\Admin\AppData\Local\Temp\crracked.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\crracked.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3012
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\crracked.exe" MD5
    3⤵
    PID:3044
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:3052
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:3060
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 880 -s 608
  2⤵
  PID:2688