cf2cd72c92dccd43d650a6b36315fcef92e9b37b9b458042dd14a3d485556b01

Analysis

max time kernel
46s
max time network
16s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-02-2024 15:30

Target

Spy Note 6.4/SpyNote Cracked.exe
Size

6.1MB
MD5

b4bb4a074169545d22ad0278e66ec96b
SHA1

c386177d35f0959fa55606df1bb6995b46030c61
SHA256

b3ca2f2cc15a16fc390172a9507337dc1f73d3501b46e2c761238171456654ae
SHA512

c0374732df1bdc15fac5229019d2962485d9a221b970690c1d2e6eb0af6401b0c98fc5d9e1584b7896e28c122afb1faa196ae5ba441f234a522c2746c5931998
SSDEEP

98304:Op2AEpDZEXXZlZYZlbHn7CFK5PnOSPz3ZhqARLlJQHagle:OQvdZEXpGbH7CU9OiphhxlJJg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

SpyNote Cracked.exe

description	pid	process	target process
PID 1948 wrote to memory of 3032	1948	SpyNote Cracked.exe	WerFault.exe
PID 1948 wrote to memory of 3032	1948	SpyNote Cracked.exe	WerFault.exe
PID 1948 wrote to memory of 3032	1948	SpyNote Cracked.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Spy Note 6.4\SpyNote Cracked.exe
"C:\Users\Admin\AppData\Local\Temp\Spy Note 6.4\SpyNote Cracked.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1948

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1948 -s 564
2⤵
PID:3032

memory/1948-1-0x000007FEF5430000-0x000007FEF5E1C000-memory.dmp

Filesize
9.9MB

Download
memory/1948-0-0x00000000007C0000-0x0000000000DE0000-memory.dmp

Filesize
6.1MB

Download
memory/1948-2-0x0000000002470000-0x00000000024EA000-memory.dmp

Filesize
488KB

Download
memory/1948-3-0x000000001B720000-0x000000001B7A0000-memory.dmp

Filesize
512KB

Download
memory/1948-4-0x000007FEF5430000-0x000007FEF5E1C000-memory.dmp

Filesize
9.9MB

Download