ed8bee1b6a918b784a21695a7f78c9ccd96a3025b3c528cbee153df1159431d6

Analysis

max time kernel
23s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 11:58 UTC

Target

entry_1_0/ibaCCService.exe
Size

79KB
MD5

27f54ae02306c4e217c45bf36dca82f6
SHA1

3700ed7f21dbc792aa7b56de2e17e79689e76dea
SHA256

bbaaad6ad49744540e031c803983493d457c10315a0d935256da6fc85ec0de44
SHA512

eb2501d0c6be0dbe6040cf1e47bd0501fabaf82dc8759df57ad591e0d072021b984efb615556bc987971ba84d8b36be1361ba13e7c48ff11e5d57b6292fb6e6f
SSDEEP

384:ncfngczhfvbWjO5kInh+2QXNOSczhfRhyIYi4wPD5oIYa5BiAM+o/8E9VF0Nyi33:n06OJh+bXohfYi7PFfviAMxkEzA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 3044	2104	ibaCCService.exe	30
PID 2104 wrote to memory of 3044	2104	ibaCCService.exe	30
PID 2104 wrote to memory of 3044	2104	ibaCCService.exe	30

C:\Users\Admin\AppData\Local\Temp\entry_1_0\ibaCCService.exe
"C:\Users\Admin\AppData\Local\Temp\entry_1_0\ibaCCService.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2104 -s 504
  2⤵
  PID:3044

memory/2104-0-0x000007FEF5903000-0x000007FEF5904000-memory.dmp

Filesize
4KB

Download
memory/2104-1-0x00000000002E0000-0x00000000002F6000-memory.dmp

Filesize
88KB

Download
memory/2104-2-0x000007FEF5903000-0x000007FEF5904000-memory.dmp

Filesize
4KB

Download