5ed393d1e048cf31f1eab079a58ef7e089dcd5376cf4f2789281ccb0a3ce71e0

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-12-2024 08:16

Target

ekstre.pdf.exe
Size

491KB
MD5

7e489c990749ef292c4d2bb492229d33
SHA1

bb912cefcbe835e760b7b23541614c632b5386ca
SHA256

a90064fabd3a584e530137cca993bdb15ea853afadceee02d80a5f46601255ea
SHA512

722a537217da520f7d956c5cead9dd2eef1656e6f3e3c48ceb4330c9af3fd10f0f4d9960da9872567d7f3815393745c5da23543a174271ce6f797fcf7a666e09
SSDEEP

12288:ZWgIcViPGnn1LovLpbclh4ONHAzkHcuoRBZYI0fabMpa:MgsPmK1chtNsAc0IPYQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2468	2364	ekstre.pdf.exe	32
PID 2364 wrote to memory of 2468	2364	ekstre.pdf.exe	32
PID 2364 wrote to memory of 2468	2364	ekstre.pdf.exe	32

C:\Users\Admin\AppData\Local\Temp\ekstre.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\ekstre.pdf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2364 -s 608
  2⤵
  PID:2468

memory/2364-0-0x000007FEF5803000-0x000007FEF5804000-memory.dmp

Filesize
4KB

Download
memory/2364-1-0x00000000012A0000-0x000000000131E000-memory.dmp

Filesize
504KB

Download
memory/2364-2-0x0000000000A30000-0x0000000000AAA000-memory.dmp

Filesize
488KB

Download
memory/2364-3-0x000007FEF5800000-0x000007FEF61EC000-memory.dmp

Filesize
9.9MB

Download
memory/2364-4-0x000007FEF5800000-0x000007FEF61EC000-memory.dmp

Filesize
9.9MB

Download