1d86803e7be8d5ee12c27c86f224854e611c0ac9e3271ce26ef5a84fb7346107

Analysis

max time kernel
43s
max time network
16s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-06-2024 18:05

Target

XClient.exe
Size

254KB
MD5

cf1618f1cf37cd5ca7fb0349f75df3b0
SHA1

5a70dbd1e88c186fdcb468928b7a8d390479fe17
SHA256

1d86803e7be8d5ee12c27c86f224854e611c0ac9e3271ce26ef5a84fb7346107
SHA512

c8b5f8d90eb3834c5e6c116df4424dbbc347170746edcc515399bf8cf20a23b3f8a80798d6a0b877aff488308797c285422d26a67b2521c3a1446f364e3a50b6
SSDEEP

3072:Y+LZAXYy0hhf+8yx4AXolabxCmHKtb5FLgKDxpX21wKKibuS+8R4NpVq8BxFRzaZ:PAoy0hhfCltChuK9N21wsgVqwlL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 1956	2368	XClient.exe	28
PID 2368 wrote to memory of 1956	2368	XClient.exe	28
PID 2368 wrote to memory of 1956	2368	XClient.exe	28

C:\Users\Admin\AppData\Local\Temp\XClient.exe
"C:\Users\Admin\AppData\Local\Temp\XClient.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2368 -s 556
  2⤵
  PID:1956

memory/2368-0-0x000007FEF5223000-0x000007FEF5224000-memory.dmp

Filesize
4KB

Download
memory/2368-1-0x0000000000BE0000-0x0000000000C26000-memory.dmp

Filesize
280KB

Download
memory/2368-2-0x00000000002C0000-0x0000000000316000-memory.dmp

Filesize
344KB

Download
memory/2368-3-0x000007FEF5223000-0x000007FEF5224000-memory.dmp

Filesize
4KB

Download