7a65ea84978d653141d5fe65a05f59831cd7be417ae8c630a4e584647e92b35c

Analysis

max time kernel
7s
max time network
37s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
29-12-2024 10:46

Target

virussign.com_00689e80f9aaad22a716422b814f233f.exe
Size

110KB
MD5

00689e80f9aaad22a716422b814f233f
SHA1

566ffb28a550d534790b39908079afeef53dbf4e
SHA256

af53073a2e8822a85be4057d6b1862771c0274d7ec5a0b31271cb9e95ec563ef
SHA512

dc4947da94bb829874995908ec5f63e40dda61f013c1d3b65d287ca62008768929a418700b2f66a25af131c8aa77a7d1e0d0e0e99901b29a1b953d60a3cd5290
SSDEEP

3072:tbCETB4dDyUuFbwmfFBouhvGK02VhqUIEH:hCVDyUuFbwmfFBouhvGK02VhqUn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2308	2508	virussign.com_00689e80f9aaad22a716422b814f233f.exe	31
PID 2508 wrote to memory of 2308	2508	virussign.com_00689e80f9aaad22a716422b814f233f.exe	31
PID 2508 wrote to memory of 2308	2508	virussign.com_00689e80f9aaad22a716422b814f233f.exe	31

C:\Users\Admin\AppData\Local\Temp\virussign.com_00689e80f9aaad22a716422b814f233f.exe
"C:\Users\Admin\AppData\Local\Temp\virussign.com_00689e80f9aaad22a716422b814f233f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2508 -s 596
  2⤵
  PID:2308

memory/2508-0-0x000007FEF6103000-0x000007FEF6104000-memory.dmp

Filesize
4KB

Download
memory/2508-1-0x0000000000D00000-0x0000000000D22000-memory.dmp

Filesize
136KB

Download
memory/2508-2-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download
memory/2508-3-0x000007FEF6100000-0x000007FEF6AEC000-memory.dmp

Filesize
9.9MB

Download
memory/2508-4-0x000007FEF6100000-0x000007FEF6AEC000-memory.dmp

Filesize
9.9MB

Download