9895f823394e434bb9a8ae10a3086960e5d60b10ef5c3877e4bed7b9411a9710

Resubmissions

09-06-2024 06:47

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-06-2024 06:47

Target

SummerAfternoon.exe
Size

105KB
MD5

3969fb2b3f1aba78dd50c3cb6b4e2137
SHA1

b6fbd3cebda92a633369cbb979147ab645374d3b
SHA256

9895f823394e434bb9a8ae10a3086960e5d60b10ef5c3877e4bed7b9411a9710
SHA512

48b83334c8318c83c9122c44a26b02074c45bfed5ebd845b8ae4cc23957bda875473390ab2f91e46632eaef246c498ca63a3ef2df24771758296646bb4fb7c4e
SSDEEP

3072:9GbNdhPc9aHE6j7F7I6jmBJqUYfWcE/ishP7KIz1+Km/J:9GbNdtc9wdh7T6bqUQo/ish+s

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 1640	1688	SummerAfternoon.exe	28
PID 1688 wrote to memory of 1640	1688	SummerAfternoon.exe	28
PID 1688 wrote to memory of 1640	1688	SummerAfternoon.exe	28

C:\Users\Admin\AppData\Local\Temp\SummerAfternoon.exe
"C:\Users\Admin\AppData\Local\Temp\SummerAfternoon.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1688 -s 604
  2⤵
  PID:1640

memory/1688-0-0x000007FEF51A3000-0x000007FEF51A4000-memory.dmp

Filesize
4KB

Download
memory/1688-1-0x000000013FDC0000-0x000000013FDDE000-memory.dmp

Filesize
120KB

Download
memory/1688-2-0x000007FEF51A0000-0x000007FEF5B8C000-memory.dmp

Filesize
9.9MB

Download
memory/1688-3-0x000007FEF51A3000-0x000007FEF51A4000-memory.dmp

Filesize
4KB

Download
memory/1688-4-0x000007FEF51A0000-0x000007FEF5B8C000-memory.dmp

Filesize
9.9MB

Download