58bb9a24f3f3f81bba4e14c660d8ab392f4ba7b375a56fafd40a3add6b50dbfe

Analysis

max time kernel
28s
max time network
18s
platform
windows7_x64
resource
win7-20240704-es
resource tags

arch:x64arch:x86image:win7-20240704-eslocale:es-esos:windows7-x64systemwindows
submitted
26/07/2024, 01:19

Target

HyperX NGENUITY Installer.exe
Size

843KB
MD5

a30a9be69cd6c9b67e8098ddfda6a94a
SHA1

309586c069dca8d30f57428cb381caaeceb6663f
SHA256

58bb9a24f3f3f81bba4e14c660d8ab392f4ba7b375a56fafd40a3add6b50dbfe
SHA512

54317d5bfce16f86540fdf5585b6571c7581622a88ab3a52d5c76ca0e6399beaa4efa2921c9c243cfb9b1e46cd9fe4c7b0ce0fc9007e4b3875a5e5615636c100
SSDEEP

12288:Fv+6GAIA3+Tac0RDffXJjyYp9poNHSy5viczBBH0N7KafXJjyJpB:EbAI2+2DR7BWYp9po44HEOaBWJpB

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2460	2408	HyperX NGENUITY Installer.exe	30
PID 2408 wrote to memory of 2460	2408	HyperX NGENUITY Installer.exe	30
PID 2408 wrote to memory of 2460	2408	HyperX NGENUITY Installer.exe	30

C:\Users\Admin\AppData\Local\Temp\HyperX NGENUITY Installer.exe
"C:\Users\Admin\AppData\Local\Temp\HyperX NGENUITY Installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2408 -s 680
  2⤵
  PID:2460

memory/2408-0-0x000007FEF59B3000-0x000007FEF59B4000-memory.dmp

Filesize
4KB

Download
memory/2408-1-0x0000000000380000-0x0000000000452000-memory.dmp

Filesize
840KB

Download
memory/2408-2-0x000007FEF59B0000-0x000007FEF639C000-memory.dmp

Filesize
9.9MB

Download
memory/2408-3-0x000007FEF59B3000-0x000007FEF59B4000-memory.dmp

Filesize
4KB

Download
memory/2408-4-0x000007FEF59B0000-0x000007FEF639C000-memory.dmp

Filesize
9.9MB

Download
memory/2408-5-0x000007FEF59B0000-0x000007FEF639C000-memory.dmp

Filesize
9.9MB

Download