f5136eaca4fbb73b86acaf75d45993bde14352298070ee0214f1eb98697869bc

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 00:33

Target

2024-09-02_17cc7c8f7f8d366c1f9ef9515eda298a_poet-rat_snatch.exe
Size

5.5MB
MD5

17cc7c8f7f8d366c1f9ef9515eda298a
SHA1

b10ab34cbb9c54aa2f1c9250c80e6d54ba9ad623
SHA256

f5136eaca4fbb73b86acaf75d45993bde14352298070ee0214f1eb98697869bc
SHA512

486cbef81017278085853a2c02c002db7915025afdbe0b202b07b1d76c071f2111a6afd4e2d87e214c226d16cc14e9f72b61a1d11466075a47440542e125cd14
SSDEEP

49152:zYuofzpBRenRLWZemECXQx2jqhw9Ugp+u5EM3KqFip52Zn5wSb:zSleRd7CPqhw9HESgpAQSb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 3068	2416	2024-09-02_17cc7c8f7f8d366c1f9ef9515eda298a_poet-rat_snatch.exe	29
PID 2416 wrote to memory of 3068	2416	2024-09-02_17cc7c8f7f8d366c1f9ef9515eda298a_poet-rat_snatch.exe	29
PID 2416 wrote to memory of 3068	2416	2024-09-02_17cc7c8f7f8d366c1f9ef9515eda298a_poet-rat_snatch.exe	29

C:\Users\Admin\AppData\Local\Temp\2024-09-02_17cc7c8f7f8d366c1f9ef9515eda298a_poet-rat_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-02_17cc7c8f7f8d366c1f9ef9515eda298a_poet-rat_snatch.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2416 -s 20
  2⤵
  PID:3068