20a1d8455121ea50ab105ce0b39017d59aa2380419669a770408016cee482a96

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 22:21

Target

RoSploit.exe
Size

8KB
MD5

8539b5dac4160679fcc746420d1e71d9
SHA1

be68d5a07f917cb9f80b1d63b6d818c4335ff11b
SHA256

20a1d8455121ea50ab105ce0b39017d59aa2380419669a770408016cee482a96
SHA512

6091e6f5ade4d5e47089550b86d28fbf297657cfcbbabe0f460b46234eb31c03ed64caa6ab7bd5615bf05cfce917047e70f8e8c66c45b1ccc52a39244dcd1021
SSDEEP

96:yugnlTDWgTCSShPvZuIaiS00HqwNUM9zSmZyDtkrwD9/LRSDQAFcPIwUzNt:ypnl/WgjSinJFK+5SmmtkkDdLmBFTwe

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 2376	1916	RoSploit.exe	31
PID 1916 wrote to memory of 2376	1916	RoSploit.exe	31
PID 1916 wrote to memory of 2376	1916	RoSploit.exe	31

C:\Users\Admin\AppData\Local\Temp\RoSploit.exe
"C:\Users\Admin\AppData\Local\Temp\RoSploit.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1916 -s 504
  2⤵
  PID:2376

memory/1916-0-0x000007FEF4D53000-0x000007FEF4D54000-memory.dmp

Filesize
4KB

Download
memory/1916-1-0x0000000001310000-0x0000000001318000-memory.dmp

Filesize
32KB

Download
memory/1916-2-0x000007FEF4D53000-0x000007FEF4D54000-memory.dmp

Filesize
4KB

Download