025153faab21056472b13f00fb79a6bfb917e3fcd85eb4c08b7375e6e3e0cb87

Analysis

max time kernel
1557s
max time network
1563s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/02/2024, 14:39

Target

trigger.exe
Size

3.9MB
MD5

0d9659d907e2669a6b925fe1fdd2fe68
SHA1

ca2b9d8450c827625e4b0f8379685b3d247f2717
SHA256

025153faab21056472b13f00fb79a6bfb917e3fcd85eb4c08b7375e6e3e0cb87
SHA512

b1af46307dfc466d8743aeb19ce4cd303e1f15b5bfd13c68f479c18046a8cb48f222a4f51cef09459736dab4ec665c564c4a6e42054933145e8c2ffec3f5158f
SSDEEP

98304:Az92834b9W0v0DdmDDzh4MnBpS8vtjMkc:UdeJbgkjMkc

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 1988	2852	trigger.exe	28
PID 2852 wrote to memory of 1988	2852	trigger.exe	28
PID 2852 wrote to memory of 1988	2852	trigger.exe	28

C:\Users\Admin\AppData\Local\Temp\trigger.exe
"C:\Users\Admin\AppData\Local\Temp\trigger.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2852 -s 668
  2⤵
  PID:1988

memory/2852-0-0x0000000000230000-0x0000000000622000-memory.dmp

Filesize
3.9MB

Download
memory/2852-1-0x000007FEF5FF0000-0x000007FEF69DC000-memory.dmp

Filesize
9.9MB

Download
memory/2852-2-0x0000000002720000-0x00000000027A0000-memory.dmp

Filesize
512KB

Download
memory/2852-3-0x000000001C380000-0x000000001C528000-memory.dmp

Filesize
1.7MB

Download
memory/2852-4-0x000007FEF5FF0000-0x000007FEF69DC000-memory.dmp

Filesize
9.9MB

Download