068436912f008a35341b99be12c8af407cfccc4950fec63b59d88c0aa5c431f2

Analysis

max time kernel
38s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 22:16

Target

ClientManager.exe
Size

21.6MB
MD5

0992b1eeef7450b8bc151cfe5a578f61
SHA1

9cb6b223d6fa8f0d29a7fa6e58ff5f757640c780
SHA256

068436912f008a35341b99be12c8af407cfccc4950fec63b59d88c0aa5c431f2
SHA512

4ee7d380c31145601b2031ee1b68ac31ac2eed0d63af7db1615b3dcf92b99e17a3110156ea6ba9ba1e8ba632bfbf8697428cb99183d7977a67a3258e9a2178b7
SSDEEP

393216:p1iF+ktMM+f4V4sbzEcx2/CBfjCBleNo/6gh+Qb7ju6EQYz5gbi:p1Gp+fyNBQCBfjCB0jgzbORQj

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2320	ClientManager.exe
2320	ClientManager.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2320	ClientManager.exe
2320	ClientManager.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2760	2320	ClientManager.exe	30
PID 2320 wrote to memory of 2760	2320	ClientManager.exe	30
PID 2320 wrote to memory of 2760	2320	ClientManager.exe	30

C:\Users\Admin\AppData\Local\Temp\ClientManager.exe
"C:\Users\Admin\AppData\Local\Temp\ClientManager.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2320 -s 292
  2⤵
  PID:2760

memory/2320-0-0x000000013FD7D000-0x0000000140A81000-memory.dmp

Filesize
13.0MB

Download
memory/2320-5-0x0000000077040000-0x0000000077042000-memory.dmp

Filesize
8KB

Download
memory/2320-10-0x0000000077050000-0x0000000077052000-memory.dmp

Filesize
8KB

Download
memory/2320-8-0x0000000077050000-0x0000000077052000-memory.dmp

Filesize
8KB

Download
memory/2320-6-0x0000000077050000-0x0000000077052000-memory.dmp

Filesize
8KB

Download
memory/2320-3-0x0000000077040000-0x0000000077042000-memory.dmp

Filesize
8KB

Download
memory/2320-1-0x0000000077040000-0x0000000077042000-memory.dmp

Filesize
8KB

Download
memory/2320-14-0x000000013FD10000-0x0000000142021000-memory.dmp

Filesize
35.1MB

Download
memory/2320-13-0x000000013FD10000-0x0000000142021000-memory.dmp

Filesize
35.1MB

Download
memory/2320-15-0x000000013FD10000-0x0000000142021000-memory.dmp

Filesize
35.1MB

Download
memory/2320-16-0x000000013FD7D000-0x0000000140A81000-memory.dmp

Filesize
13.0MB

Download
memory/2320-17-0x000000013FD10000-0x0000000142021000-memory.dmp

Filesize
35.1MB

Download
memory/2320-18-0x000000013FD10000-0x0000000142021000-memory.dmp

Filesize
35.1MB

Download