87de141e9955d0207f13769d5122700bdb2a7842ef083d430af6ba44f97c67c2

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 10:28

Target

.dat/zclientpw.exe
Size

48KB
MD5

cf60d6664e51620552d60b5e99a576e6
SHA1

06321230d78c2f97b7d9a3f6a358155659788381
SHA256

e4d449af28a77631661cf42d300daec2ce8b551fcb9c4d5772cdeb9da420370e
SHA512

f96924ac1f8b4820d8b22f718bb31d0bb474bf2881bcd16d11f473011bd4d062120663b98a39417daec59560e6e6bca38517e7f942e984a8e55c8022b0820bc0
SSDEEP

768:hcJ8PUAgf4buuzfMVmpkkKgPMZ/VpFHSLM+so8gYkFQN:2RAgykBVpFHSir

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 2684	756	zclientpw.exe	30
PID 756 wrote to memory of 2684	756	zclientpw.exe	30
PID 756 wrote to memory of 2684	756	zclientpw.exe	30

C:\Users\Admin\AppData\Local\Temp\.dat\zclientpw.exe
"C:\Users\Admin\AppData\Local\Temp\.dat\zclientpw.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:756
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 464
  2⤵
  PID:2684

memory/756-0-0x000007FEF5C9E000-0x000007FEF5C9F000-memory.dmp

Filesize
4KB

Download
memory/756-1-0x000007FEF59E0000-0x000007FEF637D000-memory.dmp

Filesize
9.6MB

Download
memory/756-2-0x000007FEF59E0000-0x000007FEF637D000-memory.dmp

Filesize
9.6MB

Download
memory/756-3-0x000007FEF59E0000-0x000007FEF637D000-memory.dmp

Filesize
9.6MB

Download
memory/756-5-0x000007FEF59E0000-0x000007FEF637D000-memory.dmp

Filesize
9.6MB

Download
memory/756-6-0x000007FEF5C9E000-0x000007FEF5C9F000-memory.dmp

Filesize
4KB

Download
memory/2684-4-0x0000000001CA0000-0x0000000001CA1000-memory.dmp

Filesize
4KB

Download