2b4973b609c72e3b6cb5a2aec425b3a70d937b42d9e3a443a4ce956384f29154

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 08:53

Target

TrayStatus.exe
Size

3.4MB
MD5

659ddd8e403cde0e6403d605829d0f3b
SHA1

c76efe026ba7761563b889d7ff5dc47f37ce8e89
SHA256

bf5d0e8f30d74f2b00fcd1c5ee90c800b81c9b371e162b884278518925daab84
SHA512

44eb56bd5bd77dc886d3cc8eda1e2c2b503d605766b2e72444141f3c48b691bbd2ee807b54242c9530f9b9cc17f2a413b69256b5f8302b9946efa0c77be72906
SSDEEP

24576:zSmQNUVspfgt3kkdz4xnZIRRhF4B/2xGUBd9XEln7PyxOHjKGEPQEGXdnExQ8h76:/8oxYB/2xDXynSOHjkoFXqy8yN+fF14

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 316 wrote to memory of 2284	316	TrayStatus.exe	28
PID 316 wrote to memory of 2284	316	TrayStatus.exe	28
PID 316 wrote to memory of 2284	316	TrayStatus.exe	28

C:\Users\Admin\AppData\Local\Temp\TrayStatus.exe
"C:\Users\Admin\AppData\Local\Temp\TrayStatus.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:316
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 316 -s 532
  2⤵
  PID:2284

memory/316-0-0x000007FEF5563000-0x000007FEF5564000-memory.dmp

Filesize
4KB

Download
memory/316-1-0x0000000000CC0000-0x0000000001026000-memory.dmp

Filesize
3.4MB

Download
memory/316-2-0x00000000003C0000-0x00000000003CA000-memory.dmp

Filesize
40KB

Download
memory/316-3-0x000007FEF5560000-0x000007FEF5F4C000-memory.dmp

Filesize
9.9MB

Download
memory/316-4-0x000007FEF5563000-0x000007FEF5564000-memory.dmp

Filesize
4KB

Download
memory/316-5-0x000007FEF5560000-0x000007FEF5F4C000-memory.dmp

Filesize
9.9MB

Download