330347b0883066390edf5949e4de07ec47aa264f83c3f4f634426bb92e86692b

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 08:18

Target

TeX2img/TeX2imgc.exe
Size

7KB
MD5

f711586915291e7c63bb3d22fdd8104a
SHA1

44f22b40d810e3d874109b7dcce76b703fb99ba7
SHA256

781c63e01d5962f17dd0fdbfde1605c9d3a6e27bdef139c40647909b87f822d2
SHA512

94b032e6c56a51ad02cd4ce6ecd84ed84804814684f8dbc99dab96d58817545cc3b86a963cc163409eace9d162f1309ed1c505a1ca22c9fa9f0b2529e66c8481
SSDEEP

96:EkE3FR+oHVVmEmZOcwqY+3WRCSqa2r37z+BwZ+t5MCyX9LIT5zNt:EkE3FR+ojm4cUw3X7zZZ+t5MCE9Lk7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 2904	2712	TeX2imgc.exe	32
PID 2712 wrote to memory of 2904	2712	TeX2imgc.exe	32
PID 2712 wrote to memory of 2904	2712	TeX2imgc.exe	32

C:\Users\Admin\AppData\Local\Temp\TeX2img\TeX2imgc.exe
"C:\Users\Admin\AppData\Local\Temp\TeX2img\TeX2imgc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Users\Admin\AppData\Local\Temp\TeX2img\tex2img.exe
  "C:\Users\Admin\AppData\Local\Temp\TeX2img\tex2img.exe" /nogui
  2⤵
  PID:2904

memory/2712-0-0x000007FEF51D3000-0x000007FEF51D4000-memory.dmp

Filesize
4KB

Download
memory/2712-1-0x00000000003E0000-0x00000000003E8000-memory.dmp

Filesize
32KB

Download
memory/2904-2-0x0000000000F30000-0x000000000124C000-memory.dmp

Filesize
3.1MB

Download
memory/2904-3-0x000007FEF51D0000-0x000007FEF5BBC000-memory.dmp

Filesize
9.9MB

Download
memory/2904-4-0x000007FEF51D0000-0x000007FEF5BBC000-memory.dmp

Filesize
9.9MB

Download
memory/2904-7-0x000007FEF51D0000-0x000007FEF5BBC000-memory.dmp

Filesize
9.9MB

Download
memory/2904-8-0x000007FEF51D0000-0x000007FEF5BBC000-memory.dmp

Filesize
9.9MB

Download