fcb106827586304ef102ff328b1b34333b85c4303eadf5d42e4cfed1d6c73c3a

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 23:50

Target

slinkyloader.exe
Size

25.2MB
MD5

ca41cfd4d850d565a4b04d5bdbc1dd7d
SHA1

2b5631164a819376064beb30510d6510fbbe9a66
SHA256

00d955824fb90b8e628e02d4b62fcdadd6fa0b08282246b1074796eb3f1be030
SHA512

1da7129e7ba1a0011c6e4277f0d448dcf256acad09b256a5e5c63b9c0658701deb57d6c1260c96b3fba89fa8dad02782f4c563bc0bd522d329749488ce75c384
SSDEEP

786432:TLP9NtAao+Z1bUSM8d0Rc/wA1anVLYEsF2hbo/m/:39Q1+ZtZMdRLjQ2hUu/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 1988	2532	slinkyloader.exe	30
PID 2532 wrote to memory of 1988	2532	slinkyloader.exe	30
PID 2532 wrote to memory of 1988	2532	slinkyloader.exe	30

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2532 -s 596
  2⤵
  PID:1988

memory/2532-0-0x000007FEF5253000-0x000007FEF5254000-memory.dmp

Filesize
4KB

Download
memory/2532-1-0x0000000000C70000-0x00000000025A0000-memory.dmp

Filesize
25.2MB

Download
memory/2532-2-0x000007FEF5250000-0x000007FEF5C3C000-memory.dmp

Filesize
9.9MB

Download
memory/2532-3-0x000007FEF5253000-0x000007FEF5254000-memory.dmp

Filesize
4KB

Download
memory/2532-4-0x000007FEF5250000-0x000007FEF5C3C000-memory.dmp

Filesize
9.9MB

Download