e1348e51fe371cb5d9386da0df79662f54aba6898bc26ea5d0a9009882edbe73

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:42

Target

LimeRAT.exe
Size

7.0MB
MD5

5274a8bed7eca128522b484bab4926f3
SHA1

836494516df2f047ae92dfd8a3c4327ee02ce7c5
SHA256

e1348e51fe371cb5d9386da0df79662f54aba6898bc26ea5d0a9009882edbe73
SHA512

d5f6ecff670157400d57cceb22fdee94186871a63cac58fbb3574ad52d130dab5c6457df3a49730a13cf82f8c90900d150f3af9ad7bba746e7310152a9ae038a
SSDEEP

98304:4k9GaXbLa67dos6bI0LO6rAXeb+N99rtmpVzY+QubLmok3VHDiSYw:4k9BbB7Z0/wL99rtm1QubLmoU5Di

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 3008	2936	LimeRAT.exe	30
PID 2936 wrote to memory of 3008	2936	LimeRAT.exe	30
PID 2936 wrote to memory of 3008	2936	LimeRAT.exe	30

C:\Users\Admin\AppData\Local\Temp\LimeRAT.exe
"C:\Users\Admin\AppData\Local\Temp\LimeRAT.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2936 -s 608
  2⤵
  PID:3008

memory/2936-0-0x000007FEF5B83000-0x000007FEF5B84000-memory.dmp

Filesize
4KB

Download
memory/2936-1-0x0000000001240000-0x000000000193A000-memory.dmp

Filesize
7.0MB

Download
memory/2936-2-0x000007FEF5B80000-0x000007FEF656C000-memory.dmp

Filesize
9.9MB

Download
memory/2936-3-0x000007FEF5B83000-0x000007FEF5B84000-memory.dmp

Filesize
4KB

Download
memory/2936-4-0x000007FEF5B80000-0x000007FEF656C000-memory.dmp

Filesize
9.9MB

Download
memory/2936-5-0x000007FEF5B80000-0x000007FEF656C000-memory.dmp

Filesize
9.9MB

Download