2d892e65432b58585112e78deec5750652a25249dd4f56e0fd6d47fe7804baf1

Analysis

max time kernel
25s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24-07-2024 12:35

Target

Repo/bin/unam.exe
Size

129.3MB
MD5

9b9dbfc1da565ff50d7869c68d12178d
SHA1

e8c7e312d9848f95f17d72f45403ce0159777444
SHA256

17c277605769ede5442963fa5cad409a03c23077c34f9ed6a1f72835154294d3
SHA512

66491d4084594d0e4bbea3ac0224c691f43a023a45313056138d8494aeb80062ffba5f9c213fdc3b1b0ed07f38806d10bd3a39c80b872e45aaa824be7fb72751
SSDEEP

3145728:bajeamjoC0MCr7jkS4aJwVlwV7iGYQ07SLjl:baaamEC0MQkiv7i92

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2892	2384	unam.exe	31
PID 2384 wrote to memory of 2892	2384	unam.exe	31
PID 2384 wrote to memory of 2892	2384	unam.exe	31

C:\Users\Admin\AppData\Local\Temp\Repo\bin\unam.exe
"C:\Users\Admin\AppData\Local\Temp\Repo\bin\unam.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2384 -s 764
  2⤵
  PID:2892

memory/2384-0-0x000007FEF5413000-0x000007FEF5414000-memory.dmp

Filesize
4KB

Download
memory/2384-1-0x0000000000C80000-0x0000000001C80000-memory.dmp

Filesize
16.0MB

Download
memory/2384-2-0x000007FEF5410000-0x000007FEF5DFC000-memory.dmp

Filesize
9.9MB

Download
memory/2384-3-0x000007FEF5410000-0x000007FEF5DFC000-memory.dmp

Filesize
9.9MB

Download
memory/2384-4-0x000007FEF5410000-0x000007FEF5DFC000-memory.dmp

Filesize
9.9MB

Download
memory/2384-5-0x000007FEF5413000-0x000007FEF5414000-memory.dmp

Filesize
4KB

Download
memory/2384-6-0x000007FEF5410000-0x000007FEF5DFC000-memory.dmp

Filesize
9.9MB

Download
memory/2384-7-0x000007FEF5410000-0x000007FEF5DFC000-memory.dmp

Filesize
9.9MB

Download
memory/2384-8-0x000007FEF5410000-0x000007FEF5DFC000-memory.dmp

Filesize
9.9MB

Download