9ecbf28720a944bdd3f3c20cdb3f4da7f40da903b651be520348e01a8efa2504

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-04-2024 17:32

Target

kayflock-beta/byfron.exe
Size

15.1MB
MD5

027dcfe7428ee64267c19120bde8607a
SHA1

929621600cda0642861d57c3e39bc344f96f4926
SHA256

efd93048311e5feb5e853a5cff20112b6991ce662b8f8d90fa5377ef2aa16252
SHA512

155b4b18d59933b62602d934a197395d269d2011db8d3f0a86855e55f405fd66839ca6232c5d6075987750acc362d048d3783bbfd6940559f5924f3db2da50cd
SSDEEP

393216:dgCrScjgeDIC/tBmVczYo6kUFnURXrScjgeDIC/tBmVczYo6kUFnUR:VWcEe0ZVkUKWcEe0ZVkU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

byfron.exe

description	pid	process	target process
PID 2188 wrote to memory of 2160	2188	byfron.exe	WerFault.exe
PID 2188 wrote to memory of 2160	2188	byfron.exe	WerFault.exe
PID 2188 wrote to memory of 2160	2188	byfron.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\kayflock-beta\byfron.exe
"C:\Users\Admin\AppData\Local\Temp\kayflock-beta\byfron.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2188

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2188 -s 504
2⤵
PID:2160

memory/2188-1-0x0000000000FF0000-0x0000000001F0E000-memory.dmp

Filesize
15.1MB

Download
memory/2188-0-0x000007FEF6270000-0x000007FEF6C5C000-memory.dmp

Filesize
9.9MB

Download
memory/2188-2-0x000007FEF6270000-0x000007FEF6C5C000-memory.dmp

Filesize
9.9MB

Download