7804c55894b6ffcf3a0dab24895f69c6d70ff97563253187a27b10ecc171c669

Analysis

max time kernel
14s
max time network
17s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 14:19

Target

SteamClient/Steam2.exe
Size

155KB
MD5

24579f75ee35bdd8e4ccc5351295bd9d
SHA1

aba441303c3b421dc246eadc469ca05f00dd006f
SHA256

0b5d62717704afe1282a9d6ade9104fe40e1c6ee855e4db66e8ef68f68c57cff
SHA512

3494565c8f75122f1204339bbdb3d90a4c2bb28405f98f5869d94775d9eb855fa19733c036b27e7bd3b6532a0aaede94ed427be3ac41d66efe7050073c6490d0
SSDEEP

3072:CjK4UGDHXrQ8hy7qgpHulWD9ZvZ5Pf3Ca10xuZ04ntfOshBul3ThNSHoNO/:CjK4TDUqgpqWDLZ5H+xuZ04fhA9fT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 580	1628	Steam2.exe	31
PID 1628 wrote to memory of 580	1628	Steam2.exe	31
PID 1628 wrote to memory of 580	1628	Steam2.exe	31

C:\Users\Admin\AppData\Local\Temp\SteamClient\Steam2.exe
"C:\Users\Admin\AppData\Local\Temp\SteamClient\Steam2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1628 -s 584
  2⤵
  PID:580

memory/1628-0-0x000007FEF630C000-0x000007FEF630D000-memory.dmp

Filesize
4KB

Download