458a3e833f3179c09c948daccef9356a55fc790ec7a717a794ae464a36cd110c

Analysis

max time kernel
4s
max time network
0s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 19:30

Target

LosslessScaling.exe
Size

964KB
MD5

48d6c40eefc7b422db85859172d027ab
SHA1

20d2e9ee8f5c1b8de2ad147d359274eb0ce987d3
SHA256

458a3e833f3179c09c948daccef9356a55fc790ec7a717a794ae464a36cd110c
SHA512

04205a85002f3a10d043729fd8b1c5aa66d5399b2404b418d78df671858b90478dd5e5db687e53e742fcabb7203824e77aad659662f87fdfd2f09ea3c3d4f599
SSDEEP

12288:YGoRUEDS4MCLSyf6mOuGyW38yHJc+CKtOaO5Z7WhaGwnzE4ZbuRCwmhI2J+0sDmP:ZoRNtMCLPf1Oi32OvzTo4ZiRlT/KFB

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2932	2408	LosslessScaling.exe	28
PID 2408 wrote to memory of 2932	2408	LosslessScaling.exe	28
PID 2408 wrote to memory of 2932	2408	LosslessScaling.exe	28

C:\Users\Admin\AppData\Local\Temp\LosslessScaling.exe
"C:\Users\Admin\AppData\Local\Temp\LosslessScaling.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2408 -s 644
  2⤵
  PID:2932

memory/2408-0-0x000007FEF5DA3000-0x000007FEF5DA4000-memory.dmp

Filesize
4KB

Download
memory/2408-1-0x0000000000350000-0x0000000000446000-memory.dmp

Filesize
984KB

Download
memory/2408-2-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2408-3-0x000000001B620000-0x000000001B706000-memory.dmp

Filesize
920KB

Download
memory/2408-4-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download