26c64c2fafcd264b8130462ff6e40a6498ec6937fe95d5e83964388ae9597c4d

Resubmissions

11-05-2024 09:02

11-05-2024 09:00

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 09:00

Target

Optimizer.exe
Size

2.4MB
MD5

cc4ed359031db8b3816f280a0cbda217
SHA1

537f393978f91eef2ac22ce82ee1b2f9c6dd2d72
SHA256

26c64c2fafcd264b8130462ff6e40a6498ec6937fe95d5e83964388ae9597c4d
SHA512

e443b5cb8b86a919a800825204624b651b5196e043d83529014625d7e161a6f7a6083857d2415eaa6293cf312389fbf39ea9a338307e8270dcc4812136e84077
SSDEEP

24576:S2mofuHtzyxlMOlJv8EC8KJWGlF+Bjk38WuBcAbwoA/BkjSHXP36RMG:S2msuHtzyxl+EC8KoVCSA/Bkj0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Optimizer.exe

description	pid	process	target process
PID 1700 wrote to memory of 2940	1700	Optimizer.exe	WerFault.exe
PID 1700 wrote to memory of 2940	1700	Optimizer.exe	WerFault.exe
PID 1700 wrote to memory of 2940	1700	Optimizer.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Optimizer.exe
"C:\Users\Admin\AppData\Local\Temp\Optimizer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1700

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1700 -s 748
2⤵
PID:2940

memory/1700-0-0x000007FEF5823000-0x000007FEF5824000-memory.dmp

Filesize
4KB

Download
memory/1700-1-0x0000000001220000-0x000000000148A000-memory.dmp

Filesize
2.4MB

Download
memory/1700-2-0x00000000003D0000-0x0000000000482000-memory.dmp

Filesize
712KB

Download
memory/1700-23-0x000007FEF5820000-0x000007FEF620C000-memory.dmp

Filesize
9.9MB

Download
memory/1700-25-0x000007FEF5823000-0x000007FEF5824000-memory.dmp

Filesize
4KB

Download
memory/1700-26-0x000007FEF5820000-0x000007FEF620C000-memory.dmp

Filesize
9.9MB

Download