938a4c8f585e50f1c8cabdfe1c58a9102e91ed828807f9579490723776894693

Analysis

max time kernel
62s
max time network
57s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 09:31

Target

Spectrum.exe
Size

57.7MB
MD5

5047503782e07bf3a02c9475cb59983e
SHA1

518ebc3f996148a52c52aeeca0319750e66b3337
SHA256

938a4c8f585e50f1c8cabdfe1c58a9102e91ed828807f9579490723776894693
SHA512

97612d225a4aeba2840783eff709c7156cefaa4fda1dd409e8412e5c2a287b2aa0dbb24dec76cc7a4e9fd91aa13347f2256a9b9f19c588f928b2a72f0b20ff15
SSDEEP

1572864:O1Zu5nDDgfGTsxsQ4GMb8mfS08eMzMZDcFVymPbg5sz1h2C8ZMB:O1uGxsQ4lfSGpZ7mPboszz8OB

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2568	2052	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2568	2052	Spectrum.exe	28
PID 2052 wrote to memory of 2568	2052	Spectrum.exe	28
PID 2052 wrote to memory of 2568	2052	Spectrum.exe	28
PID 2052 wrote to memory of 2568	2052	Spectrum.exe	28

C:\Users\Admin\AppData\Local\Temp\Spectrum.exe
"C:\Users\Admin\AppData\Local\Temp\Spectrum.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 1048
  2⤵
  - Program crash
  PID:2568

memory/2052-0-0x00000000748FE000-0x00000000748FF000-memory.dmp

Filesize
4KB

Download
memory/2052-1-0x0000000001270000-0x0000000004C26000-memory.dmp

Filesize
57.7MB

Download
memory/2052-2-0x00000000748F0000-0x0000000074FDE000-memory.dmp

Filesize
6.9MB

Download
memory/2052-3-0x00000000748FE000-0x00000000748FF000-memory.dmp

Filesize
4KB

Download
memory/2052-4-0x00000000748F0000-0x0000000074FDE000-memory.dmp

Filesize
6.9MB

Download
memory/2052-6-0x00000000748F0000-0x0000000074FDE000-memory.dmp

Filesize
6.9MB

Download