1258766390555235997b028942158f1177413246e3f8e7cf95eba1b47cb0ccbd

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-01-2025 18:37

Target

HacKed.facebooek‮exe.scr
Size

235KB
MD5

b09e2e1281495fa1ee6d1dcdb12c3218
SHA1

71855f7712a915afc5e0c9823db288c936186323
SHA256

8786009a7fdfc83d7585aae40754a3d5c8230ccb33943e92e964dac02bf330ca
SHA512

fef2bcf896960056c5237f0513d91294706eb113497fe83fd4b03d2a5c47d57b012c905cecb5bfe0bf56c02d7af25e83f29b4d37d44e8c4c3dda6819d8127d9b
SSDEEP

6144:m+S79QUEtQ3B5A6Ci3joVGCRiBUkgCNN+uwwL:EZApxBRu1gCCud

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 2880	2272	HacKed.facebooek‮exe.scr	28
PID 2272 wrote to memory of 2880	2272	HacKed.facebooek‮exe.scr	28
PID 2272 wrote to memory of 2880	2272	HacKed.facebooek‮exe.scr	28

C:\Users\Admin\AppData\Local\Temp\HacKed.facebooek‮exe.scr
"C:\Users\Admin\AppData\Local\Temp\HacKed.facebooek‮exe.scr" /S
1⤵
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 356
  2⤵
  PID:2880

memory/2272-0-0x000007FEF553E000-0x000007FEF553F000-memory.dmp

Filesize
4KB

Download
memory/2272-1-0x000007FEF5280000-0x000007FEF5C1D000-memory.dmp

Filesize
9.6MB

Download
memory/2272-3-0x000007FEF553E000-0x000007FEF553F000-memory.dmp

Filesize
4KB

Download
memory/2272-4-0x000007FEF5280000-0x000007FEF5C1D000-memory.dmp

Filesize
9.6MB

Download
memory/2880-2-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download