8a2e5e073d34f4fb7cda2040d30e23d60cb675b71120e0e2c39838015c66f306

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05-08-2024 11:01

Target

WaveKeyGen/obj/Debug/net8.0/refint/WaveKeyGen.exe
Size

11KB
MD5

b469f0d19fe34a33361dd228945df291
SHA1

662679b8353aeeef6b4e578a217a606d8a99c42c
SHA256

e0b35ca5f2e92a7a9c1578eabcc2e686743a9a5e8a454bec46eb521ececc21a7
SHA512

be0f2fafeeb5a4f76511c51bd5add4716729e5885f4ffa27f742d9bec00b2a0e6740996b42843dc51877334bb1be1f68282964a3b8dfa5dba0b5d1d75a635267
SSDEEP

192:qTe4e+q14raaTs68qqu9p4OgtwXUb9EObmGVgVlxWZLv:qPJqKraus68q74O8b9EOCGOVlxWZL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 2816	1824	WaveKeyGen.exe	31
PID 1824 wrote to memory of 2816	1824	WaveKeyGen.exe	31
PID 1824 wrote to memory of 2816	1824	WaveKeyGen.exe	31

C:\Users\Admin\AppData\Local\Temp\WaveKeyGen\obj\Debug\net8.0\refint\WaveKeyGen.exe
"C:\Users\Admin\AppData\Local\Temp\WaveKeyGen\obj\Debug\net8.0\refint\WaveKeyGen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1824 -s 484
  2⤵
  PID:2816

memory/1824-0-0x000007FEF5013000-0x000007FEF5014000-memory.dmp

Filesize
4KB

Download
memory/1824-1-0x0000000000160000-0x000000000016A000-memory.dmp

Filesize
40KB

Download
memory/1824-2-0x000007FEF5013000-0x000007FEF5014000-memory.dmp

Filesize
4KB

Download