f83aca41b988d4d354feaa59a0c92c06613e219146dc5bae8c94470a95ba80a4

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-04-2024 22:41

Target

FWA.exe
Size

11.8MB
MD5

4ba26e7d7367d61f158f3dfd24d9e097
SHA1

3515014772e298f5802ba1a243f0d4afdd2b296c
SHA256

f83aca41b988d4d354feaa59a0c92c06613e219146dc5bae8c94470a95ba80a4
SHA512

41c56fde263ec0cc2db8eb3991c711bb33ef69c0e88736cf3edbd542e7d7f40e0b5dbfe6a9ace3113a595acc8b0e64327b574672f85e3c026d1c7273bec4ce46
SSDEEP

196608:KXRW8m1qqdO0O+H5FMx9BaXD+fvyl/nxSbRQtl05JSFIS2ZkmMBgVfrQC:KXRqtdOlwFMnMzKqFn0NAIJGkFCghrQC

Score

7^/10

pid	process
2232	FWA.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

FWA.exe

description	pid	process	target process
PID 2232 wrote to memory of 2180	2232	FWA.exe	splwow64.exe
PID 2232 wrote to memory of 2180	2232	FWA.exe	splwow64.exe
PID 2232 wrote to memory of 2180	2232	FWA.exe	splwow64.exe
PID 2232 wrote to memory of 2180	2232	FWA.exe	splwow64.exe

\Users\Admin\AppData\Local\Temp\gm_ttt_59900\D3DX8.dll
Filesize
484KB

MD5
74529599302a2e09c30b1e119a0709f2

SHA1
5990f60194ecafaf43340e44657d224f8d5682eb

SHA256
edfc5f86be36c2c509e4ad6ba3742bb5b2429a56de805a99771e24fec62b076a

SHA512
25d1c2bc15f5d20f3d69a2c20727e4e2cbb7086aa18ec535eea2a5766302b031c12b9139467b717537300e1497102b387dcc3f53ca5ff11f5301de672efe4b07

Download Submit
memory/2232-0-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2232-6-0x0000000000400000-0x0000000000655000-memory.dmp

Filesize
2.3MB

Download
memory/2232-9-0x0000000000400000-0x0000000000655000-memory.dmp

Filesize
2.3MB

Download