25de15512f17ee7907b27def06534a7e562483c46a03da5f8aa0ebb162055ad0

Analysis

max time kernel
45s
max time network
17s
platform
windows7_x64
resource
win7-20240419-es
resource tags

arch:x64arch:x86image:win7-20240419-eslocale:es-esos:windows7-x64systemwindows
submitted
11/05/2024, 18:33

Target

No Recoil Installer.exe
Size

838KB
MD5

7b8c0e66d1693cfc254c2e4f1dfd2d26
SHA1

3e0e7f07b84f840ddca93969f3dbbce278678ca3
SHA256

25de15512f17ee7907b27def06534a7e562483c46a03da5f8aa0ebb162055ad0
SHA512

1ad0f42c79a2dfeb088cba1423ed284d0f35a86c7e2a0972316bfc7b0a523e6e47369e0706798243b60f9d3b9933c4a3bb34c7d55bc577c457304f4c1be17fac
SSDEEP

12288:LtWXR6Bnf+Tac0RDffXJjyYpCMoNHSy5viczyIH047K0fXJjyppyO:xWXslf+2DR7BWYpCMo44l5O0BWppyO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2984	2996	No Recoil Installer.exe	28
PID 2996 wrote to memory of 2984	2996	No Recoil Installer.exe	28
PID 2996 wrote to memory of 2984	2996	No Recoil Installer.exe	28

C:\Users\Admin\AppData\Local\Temp\No Recoil Installer.exe
"C:\Users\Admin\AppData\Local\Temp\No Recoil Installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2996 -s 688
  2⤵
  PID:2984

memory/2996-0-0x000007FEF58A3000-0x000007FEF58A4000-memory.dmp

Filesize
4KB

Download
memory/2996-1-0x0000000001180000-0x0000000001250000-memory.dmp

Filesize
832KB

Download
memory/2996-2-0x000007FEF58A0000-0x000007FEF628C000-memory.dmp

Filesize
9.9MB

Download
memory/2996-3-0x000007FEF58A0000-0x000007FEF628C000-memory.dmp

Filesize
9.9MB

Download