90f450cc5ee4180070ea0362a2c072907e5762872df131c550474369134a1fb9

Resubmissions

09/07/2024, 16:08

max time kernel
140s
max time network
131s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 16:08

Target

bin/gspawn-win64-helper-console.exe
Size

137KB
MD5

045e476f32623fab99309bd567575675
SHA1

edc51e39ce1358ea0aa2d5723916f3a2460ef79a
SHA256

9eef610a87bfd60dc87190ea60de46a6fa8b6323393851abfec1c037edfe13c2
SHA512

04866de28b6591e220fcdb1f5183785fc915d347d781169076b525387ab2c67815586940e2708eb0df683414ae05daca8201b7da69b3bf2bfae90d0a32e5b4a6
SSDEEP

1536:8xpJwXWymOmU9S3Mu4vM6C3RhGjr9OyQfA6f/4BVF:8JBqqzMiYN

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 696 wrote to memory of 2032	696	gspawn-win64-helper-console.exe	32
PID 696 wrote to memory of 2032	696	gspawn-win64-helper-console.exe	32
PID 696 wrote to memory of 2032	696	gspawn-win64-helper-console.exe	32

C:\Users\Admin\AppData\Local\Temp\bin\gspawn-win64-helper-console.exe
"C:\Users\Admin\AppData\Local\Temp\bin\gspawn-win64-helper-console.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:696
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 696 -s 132
  2⤵
  PID:2032

memory/696-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/696-2-0x0000000069140000-0x0000000069183000-memory.dmp

Filesize
268KB

Download
memory/696-1-0x00000000649C0000-0x0000000064FC4000-memory.dmp

Filesize
6.0MB

Download
memory/696-4-0x0000000066000000-0x00000000661BD000-memory.dmp

Filesize
1.7MB

Download
memory/696-3-0x0000000061CC0000-0x0000000061D40000-memory.dmp

Filesize
512KB

Download