b373ae97740b974bd541ba01489332f06dc85634f1cdba7737323f001db957d2

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-11-2024 05:01

Target

CMWTAT_Digital_2.7.1.0.exe
Size

12.1MB
MD5

1b3b8632dfaeaba4179ed116f252c98b
SHA1

28f95d16e8b3e5cba20957585cbc66faaeac408a
SHA256

ecadd1160efb201d93302afe0390cbab60d9ccf3b98e2c385cc7cdfd8f9ca77b
SHA512

eed9a30f3bcedc26a0212cd46cbc35e5105e71852e3025971c9c96dc822a0465d8fd545304c0234c8b11347b0dce791cda0208ee18472017484c4fe71a0f43eb
SSDEEP

98304:kbK5ECUcY0U94catbK5ECUcY0U94caweqDceT/wiXJDntBksKY+ND3WyA4+TLVeW:A4nBDceT/wcnJ45/9iD54+V11bFv4zT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

CMWTAT_Digital_2.7.1.0.exe

description	pid	process	target process
PID 2512 wrote to memory of 2348	2512	CMWTAT_Digital_2.7.1.0.exe	WerFault.exe
PID 2512 wrote to memory of 2348	2512	CMWTAT_Digital_2.7.1.0.exe	WerFault.exe
PID 2512 wrote to memory of 2348	2512	CMWTAT_Digital_2.7.1.0.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\CMWTAT_Digital_2.7.1.0.exe
"C:\Users\Admin\AppData\Local\Temp\CMWTAT_Digital_2.7.1.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2512 -s 656
  2⤵
  PID:2348

memory/2512-0-0x000007FEF5393000-0x000007FEF5394000-memory.dmp

Filesize
4KB

Download
memory/2512-1-0x0000000000B60000-0x0000000001780000-memory.dmp

Filesize
12.1MB

Download
memory/2512-2-0x000007FEF5390000-0x000007FEF5D7C000-memory.dmp

Filesize
9.9MB

Download
memory/2512-3-0x000000001C1E0000-0x000000001CA94000-memory.dmp

Filesize
8.7MB

Download
memory/2512-4-0x00000000004A0000-0x00000000004F0000-memory.dmp

Filesize
320KB

Download
memory/2512-5-0x000007FEF5390000-0x000007FEF5D7C000-memory.dmp

Filesize
9.9MB

Download