7c70df79d8ce8b5bc952a9189036831ac0de00873c5bac46338e961150b682a3

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 18:39

Target

Nahimic Installer.exe
Size

843KB
MD5

a402a123da178966887f32c36d05f170
SHA1

c1c1f0fc199715ebd8529fee83316fb03169ab31
SHA256

7c70df79d8ce8b5bc952a9189036831ac0de00873c5bac46338e961150b682a3
SHA512

7e6572b0a6b23685dd855782222e4a11de3fa0880f8573da635c1dce99fb169fca8fcae7d7e8b58d85983e454d7edc2ea7c6ab0b551e385f532ba150cca7b033
SSDEEP

12288:Fv+6GAIA3+Tac0RDffXJjyYp9poNHSy5viczBBH0N7KafXJjyJpBz:EbAI2+2DR7BWYp9po44HEOaBWJpBz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 3052	2976	Nahimic Installer.exe	30
PID 2976 wrote to memory of 3052	2976	Nahimic Installer.exe	30
PID 2976 wrote to memory of 3052	2976	Nahimic Installer.exe	30

C:\Users\Admin\AppData\Local\Temp\Nahimic Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Nahimic Installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2976 -s 628
  2⤵
  PID:3052

memory/2976-0-0x000007FEF57E3000-0x000007FEF57E4000-memory.dmp

Filesize
4KB

Download
memory/2976-1-0x0000000000E90000-0x0000000000F62000-memory.dmp

Filesize
840KB

Download
memory/2976-2-0x000007FEF57E0000-0x000007FEF61CC000-memory.dmp

Filesize
9.9MB

Download
memory/2976-3-0x000007FEF57E0000-0x000007FEF61CC000-memory.dmp

Filesize
9.9MB

Download