e971ac76bf7d9fd4bc2931b6e91e36ee81f54f3946a34add2ef7b016cfd6c114

Resubmissions

13/06/2024, 19:29

max time kernel
361s
max time network
363s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 19:29

Target

CbspdTechnicianStudyGuide.exe
Size

310.8MB
MD5

5b385506a34b48c14af838e6d63888e2
SHA1

078196bd9994be15d486b4bf57c3de07ec8398dc
SHA256

a73867417636975dbeb2352c62a1b72adccb9b1babfe937d7b5698fa21286e60
SHA512

3971758df9e27de8d13ba6b777020d493ae671e3ae0b0bfd3b38a962b5c9e4c5307ef33a6d1414a1f2b62af29bc42653febe1b55d46cfe0e08ebc2cbbc39db86
SSDEEP

49152:HRQM8rNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNp:en

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2752	2068	CbspdTechnicianStudyGuide.exe	28
PID 2068 wrote to memory of 2752	2068	CbspdTechnicianStudyGuide.exe	28
PID 2068 wrote to memory of 2752	2068	CbspdTechnicianStudyGuide.exe	28

C:\Users\Admin\AppData\Local\Temp\CbspdTechnicianStudyGuide.exe
"C:\Users\Admin\AppData\Local\Temp\CbspdTechnicianStudyGuide.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2068 -s 528
  2⤵
  PID:2752

memory/2068-0-0x000007FEF5B33000-0x000007FEF5B34000-memory.dmp

Filesize
4KB

Download
memory/2068-1-0x000000013FED0000-0x0000000140ED0000-memory.dmp

Filesize
16.0MB

Download
memory/2068-2-0x000007FEF5B33000-0x000007FEF5B34000-memory.dmp

Filesize
4KB

Download