6ee78b18ddb57ebb710f371d9c01b743fc7fb080527360a56d9981c56cdffffb

Analysis

max time kernel
45s
max time network
17s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
21-04-2024 20:33

Target

ORPALIS PaperScan Professional Edition 4.0.9 [PeskTop.com]/Crack/PaperScan64.exe
Size

9.4MB
MD5

f844081c212986712286ba7e7acc3d62
SHA1

da92a97e8de3ba0769200165d1e6742297391bea
SHA256

26106e3622caefcb06b7b0409637ed01959612b459aa9e369b0be9b76e362c91
SHA512

c6456c4db37428a383d5c0875f44bcfd28d87ec7299b3e02843790a93b51780aeb539a01cbf301fdebd643c11fe1b304736c863fc037a6865c7f14d0eb6a4e4e
SSDEEP

98304:N901mMMM+MMMQMMM+MMMxMMM+MMMLMMM+MMMgMMM+MMMRMMM+MMMHMMM+MMMcMME:N0zYs0+mfeISrU2KxU1b

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

PaperScan64.exe

description	pid	process	target process
PID 2244 wrote to memory of 2884	2244	PaperScan64.exe	WerFault.exe
PID 2244 wrote to memory of 2884	2244	PaperScan64.exe	WerFault.exe
PID 2244 wrote to memory of 2884	2244	PaperScan64.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\ORPALIS PaperScan Professional Edition 4.0.9 [PeskTop.com]\Crack\PaperScan64.exe
"C:\Users\Admin\AppData\Local\Temp\ORPALIS PaperScan Professional Edition 4.0.9 [PeskTop.com]\Crack\PaperScan64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2244 -s 528
  2⤵
  PID:2884

memory/2244-0-0x000000003F950000-0x00000000402BC000-memory.dmp

Filesize
9.4MB

Download
memory/2244-1-0x000007FEF5430000-0x000007FEF5E1C000-memory.dmp

Filesize
9.9MB

Download
memory/2244-2-0x000007FEF5430000-0x000007FEF5E1C000-memory.dmp

Filesize
9.9MB

Download