aee79791e6186b79bf0164dc334978af9d10a5c70af345ae5690949acd162a74

Resubmissions

09/06/2024, 14:42

09/06/2024, 14:29

max time kernel
52s
max time network
19s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 14:42

Target

129121540_2359416601_1804023753.exe
Size

1.1MB
MD5

aa68830dd0f0ef5274c7ab785fb95a37
SHA1

c09d2af1d51532e2c5d834a62078f8d383c82e91
SHA256

aee79791e6186b79bf0164dc334978af9d10a5c70af345ae5690949acd162a74
SHA512

bf57bdafaaa12bf9517c976a7c7e8e9dfb185e94e35a9d0a359552d27c8adb82a2b3e3ed03ebfbb7f5c48f174495fa9ba3387c18be99f8d4b2b982665e874aa5
SSDEEP

24576:RQYU7Lj4NQn77tPp4QhK2tbuLnflgNCa4MIM8mB3Bn2qfG/dpJGK:R/Qv4Ns77MiK2holgpr7n2IapQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 3004	2876	129121540_2359416601_1804023753.exe	28
PID 2876 wrote to memory of 3004	2876	129121540_2359416601_1804023753.exe	28
PID 2876 wrote to memory of 3004	2876	129121540_2359416601_1804023753.exe	28

C:\Users\Admin\AppData\Local\Temp\129121540_2359416601_1804023753.exe
"C:\Users\Admin\AppData\Local\Temp\129121540_2359416601_1804023753.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2876 -s 248
  2⤵
  PID:3004

memory/2876-0-0x000000013F980000-0x000000013FBED000-memory.dmp

Filesize
2.4MB

Download
memory/2876-1-0x0000000001E90000-0x0000000002E90000-memory.dmp

Filesize
16.0MB

Download
memory/2876-2-0x000000013F980000-0x000000013FBED000-memory.dmp

Filesize
2.4MB

Download
memory/2876-4-0x0000000001E90000-0x0000000002E90000-memory.dmp

Filesize
16.0MB

Download