0db9ac02645846b5033b403a818544371046214bfedef7e70d44f5f825713c00

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 08:59

Target

WeaselDeployer.exe
Size

781KB
MD5

ac17c647e1d28dbee1d3005482e87848
SHA1

1eb73713a30de1e22b74622cb2f58dae97f8fa8d
SHA256

bd6580bee7dde9cb7dd8d972696abbc08aa047dd7259d98761de9738d6a2318d
SHA512

6c0983fb712626b0e9aed9d5d191bd4736bacde118acdcc25ad1ffcfd5f709b41981212e1b9e8fca9d216ac8bfd1c74cb1a6f10e98e28ea145fe544e5d730a1b
SSDEEP

12288:nYHieGJM0ByuMBBsDQEyPQOutZBC08K4VB1/3VcmdIur+GAaUBG9ND4h0XkeZah3:YSoFcEIur+9VG9NshqkgahgRurt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2980	2932	WeaselDeployer.exe	28
PID 2932 wrote to memory of 2980	2932	WeaselDeployer.exe	28
PID 2932 wrote to memory of 2980	2932	WeaselDeployer.exe	28

C:\Users\Admin\AppData\Local\Temp\WeaselDeployer.exe
"C:\Users\Admin\AppData\Local\Temp\WeaselDeployer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2932 -s 248
  2⤵
  PID:2980

memory/2932-0-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2932-1-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download