8a2e5e073d34f4fb7cda2040d30e23d60cb675b71120e0e2c39838015c66f306

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 11:01

Target

WaveKeyGen/obj/Release/net8.0/WaveKeyGen.exe
Size

23KB
MD5

542b4f836e1d9fbda43dad713bc2ac20
SHA1

fe20c47098d6e6c961f8b101cc26eba2a7f03ae6
SHA256

87eb739f94da4a80e1e5e428e321f909c5c8a86532f0ea9739ecdabd6b620971
SHA512

b52e5ecb864e9b4dc69e0a95395950c2aadf2da4a23d3261077aae80a39a567f30cac5924b757db7c996c46e61c74c294280449c9bca8caadb811554c88bfc99
SSDEEP

384:auhlTPp2iYfSzYrOTX7YfN2bXrpY7GQJeHbfEkwPGyRZYVlxWZL:aABWSvXMlad1b0l

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 2156	1320	WaveKeyGen.exe	31
PID 1320 wrote to memory of 2156	1320	WaveKeyGen.exe	31
PID 1320 wrote to memory of 2156	1320	WaveKeyGen.exe	31

C:\Users\Admin\AppData\Local\Temp\WaveKeyGen\obj\Release\net8.0\WaveKeyGen.exe
"C:\Users\Admin\AppData\Local\Temp\WaveKeyGen\obj\Release\net8.0\WaveKeyGen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1320 -s 500
  2⤵
  PID:2156

memory/1320-0-0x000007FEF5D13000-0x000007FEF5D14000-memory.dmp

Filesize
4KB

Download
memory/1320-1-0x00000000001F0000-0x00000000001FC000-memory.dmp

Filesize
48KB

Download
memory/1320-2-0x000007FEF5D13000-0x000007FEF5D14000-memory.dmp

Filesize
4KB

Download