e5d5ae98dab5cc0ff1e5936e97c6f2a462b61386ecca1c7a74a2a8cec578fda8

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 15:17

Target

GrudgeTerminator-main/pdf.exe
Size

15KB
MD5

231503fdb7c5942b8abb793e9af6de14
SHA1

d3f4dca0b5dc05b4d7a88162e25601a4e09edd26
SHA256

fea2299fb78e3146894b57d0f7eb3824e05475d5d040297518d10014e237133f
SHA512

33c96e10e7929106a3190dad1613093c30ffeb11f05f79811512e717c15410411a1dc7076b4ff91e1f8ae97f15c7b33fd756c3a66860289d479f8a75698de39f
SSDEEP

192:91BgBRfg4m42M07FXx6bLTJXQDOa/vYJGdX3yRh/xf002o5KV3:919MOXx62Df/OanoZMVoMF

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 1992	2068	pdf.exe	32
PID 2068 wrote to memory of 1992	2068	pdf.exe	32
PID 2068 wrote to memory of 1992	2068	pdf.exe	32
PID 2068 wrote to memory of 1992	2068	pdf.exe	32

C:\Users\Admin\AppData\Local\Temp\GrudgeTerminator-main\pdf.exe
"C:\Users\Admin\AppData\Local\Temp\GrudgeTerminator-main\pdf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:1992

memory/2068-0-0x00000000003E0000-0x00000000003EB000-memory.dmp

Filesize
44KB

Download