bb19b002df31e1196b4e6530cf54c449e9cf1383d3adc5334a0442fa96b36344

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 14:00

Target

Umbral.builder.exe
Size

114KB
MD5

d91fb6867df7e4303d98b5e90faae73c
SHA1

496f53ad8cd9381f1c1b577a73e978081002c1db
SHA256

bb19b002df31e1196b4e6530cf54c449e9cf1383d3adc5334a0442fa96b36344
SHA512

5dbcfe9bf567c6f1e18027950726af1835ab8b363ba8b040fd379b4cfe94b0894bc969b3c04fa4f1964b441a7b894bd4d37f3aabe3ea31396687a6ca093cfdc9
SSDEEP

3072:aumr2q8XTs/8wEQuKqAFCq8FBJGgMMlpVFPo6QoJ7j:aumr2q8XTs/8wEQJhCqbsVehy7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 2116	1612	Umbral.builder.exe	28
PID 1612 wrote to memory of 2116	1612	Umbral.builder.exe	28
PID 1612 wrote to memory of 2116	1612	Umbral.builder.exe	28

C:\Users\Admin\AppData\Local\Temp\Umbral.builder.exe
"C:\Users\Admin\AppData\Local\Temp\Umbral.builder.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1612 -s 612
  2⤵
  PID:2116

memory/1612-0-0x0000000000AE0000-0x0000000000B02000-memory.dmp

Filesize
136KB

Download
memory/1612-1-0x000007FEF5750000-0x000007FEF613C000-memory.dmp

Filesize
9.9MB

Download
memory/1612-2-0x00000000022F0000-0x0000000002370000-memory.dmp

Filesize
512KB

Download
memory/1612-3-0x000007FEF5750000-0x000007FEF613C000-memory.dmp

Filesize
9.9MB

Download
memory/1612-4-0x00000000022F0000-0x0000000002370000-memory.dmp

Filesize
512KB

Download