d10449f12f6bd9f29e59600486bd48a49c0f7263a990ed82b9b2a635f4706fac

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-10-2024 20:38

Target

bot.exe
Size

2.6MB
MD5

3870b1e1ca36deec20214c6ae51f8f16
SHA1

feefcdc98dae9d1a720f8626af58f136f6468a0b
SHA256

d10449f12f6bd9f29e59600486bd48a49c0f7263a990ed82b9b2a635f4706fac
SHA512

840087c0a876bf027dba23d1050534bee2ad31e58b9343290b40c470d28cbde7158c785f200cadf6e5d69539183814b20f343e3130f974b8ce88af8d8ec338cc
SSDEEP

49152:7ZPf0tL9d77T+WScpPNBqB0+iajS9fQzw7baQrppXsg7G4zvw6FGyvoS5QJ+jweu:AVScpPN3l7baQ3sg7G4zvwevoS5QYweu

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 3024	2892	bot.exe	28
PID 2892 wrote to memory of 3024	2892	bot.exe	28
PID 2892 wrote to memory of 3024	2892	bot.exe	28

C:\Users\Admin\AppData\Local\Temp\bot.exe
"C:\Users\Admin\AppData\Local\Temp\bot.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2892 -s 28
  2⤵
  PID:3024

memory/2892-0-0x000000013F810000-0x000000013FAB6000-memory.dmp

Filesize
2.6MB

Download