8a2e5e073d34f4fb7cda2040d30e23d60cb675b71120e0e2c39838015c66f306

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
05-08-2024 11:01

Target

WaveKeyGen/obj/Release/net8.0/refint/WaveKeyGen.exe
Size

11KB
MD5

5f9d58deedacb41f874f3fb9fa8bf0e5
SHA1

b29d178658b40f9c981f146c39aefac755f0cb68
SHA256

9a48b8a0fe95b6c31ccdb704d88e13e183140018f3966295ed988166c98e21ce
SHA512

3a1b0a9842ae3c8206fa0c93b9c81a5ba73a8ed0cc35cfc94b38643319d821c27d49fdc345defbd77f5d70932d71ca3231e6ea6228d34c0c8a7c7da86efadebc
SSDEEP

192:th4Hase6qCoVgiJqfuEqx4O7zwXUJ9ENb4vVlxWZLv:jUOg7uEw4ODJ9ENeVlxWZL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2772	2684	WaveKeyGen.exe	31
PID 2684 wrote to memory of 2772	2684	WaveKeyGen.exe	31
PID 2684 wrote to memory of 2772	2684	WaveKeyGen.exe	31

C:\Users\Admin\AppData\Local\Temp\WaveKeyGen\obj\Release\net8.0\refint\WaveKeyGen.exe
"C:\Users\Admin\AppData\Local\Temp\WaveKeyGen\obj\Release\net8.0\refint\WaveKeyGen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2684 -s 484
  2⤵
  PID:2772

memory/2684-0-0x000007FEF59D3000-0x000007FEF59D4000-memory.dmp

Filesize
4KB

Download
memory/2684-1-0x0000000000290000-0x000000000029A000-memory.dmp

Filesize
40KB

Download
memory/2684-2-0x000007FEF59D3000-0x000007FEF59D4000-memory.dmp

Filesize
4KB

Download