b8a1e46ef14be22cfa81ffe3ed1ed5bbcb7b976d0ddaae57e842123699ac7bfe

Analysis

max time kernel
140s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/06/2024, 08:48

Target

pluto/files/pScan.exe
Size

1.9MB
MD5

03b867083e6c7766c4829cfda776c01c
SHA1

52ce47d754f53e32afb7625b47a4cf4d21efc04c
SHA256

d023f36a47d4d81491c3ffc7192669199441d7388c159f59414b3b5f137c519a
SHA512

c906206f3a79d9921b8addc69e50b8c31b8b4191faa81b608dfce7295f1714a21a593145d2bb9e847a606ae093de26b641f49bcebe83fe2f88b9984d3799ae79
SSDEEP

24576:8v7kE2Ew+MCC5ac1+xJRAVoW0Qdz+Ec0xMkb8JsU3AoPqqItfGsDS:07kE2OMF5P+vPSgqqItfGsDS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 2360	1620	pScan.exe	29
PID 1620 wrote to memory of 2360	1620	pScan.exe	29
PID 1620 wrote to memory of 2360	1620	pScan.exe	29

C:\Users\Admin\AppData\Local\Temp\pluto\files\pScan.exe
"C:\Users\Admin\AppData\Local\Temp\pluto\files\pScan.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c title pScan Developed by: @the.red.team
  2⤵
  PID:2360

memory/1620-0-0x0000000000400000-0x0000000000508000-memory.dmp

Filesize
1.0MB

Download