8d6ee227c57e825bc978db47c7587d46e7df06e3656d493486ee26b1426c98a6

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-10-2024 23:32

Target

bgfkbafhjoydwpbx.exe
Size

2.6MB
MD5

0c01cfc0685211b3c655c7a9526f1849
SHA1

864d23804b6e3c98efd1b56863a484b505ddf40b
SHA256

8d6ee227c57e825bc978db47c7587d46e7df06e3656d493486ee26b1426c98a6
SHA512

6024a41f371d77a82608c0e8ff314853404a50decb77838ace61c43a72ef954f4a227849b85e2aa3ef0749120e8361f13145006652596fb22b2f972bf7585719
SSDEEP

49152:EZPf0tL9d77T+WScpPNBqB0+i8jS9fQzm/kv49hISc1HeW6YS3jLqFtJc:TVScpPN3D/8Sc1HeW6YSad

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 108	2172	bgfkbafhjoydwpbx.exe	31
PID 2172 wrote to memory of 108	2172	bgfkbafhjoydwpbx.exe	31
PID 2172 wrote to memory of 108	2172	bgfkbafhjoydwpbx.exe	31

C:\Users\Admin\AppData\Local\Temp\bgfkbafhjoydwpbx.exe
"C:\Users\Admin\AppData\Local\Temp\bgfkbafhjoydwpbx.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2172 -s 28
  2⤵
  PID:108

memory/2172-0-0x000000013F940000-0x000000013FBE6000-memory.dmp

Filesize
2.6MB

Download