1258766390555235997b028942158f1177413246e3f8e7cf95eba1b47cb0ccbd

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
03-01-2025 18:37

Target

HacKed.facebook‮exe.scr
Size

435KB
MD5

7f18823b070f9877e53443925201d73c
SHA1

26deb9ed1a59af5c4cf4deb6cbec333d845aba14
SHA256

5b3e033710a46f7ca648c8cf8e12689881423897b18dd62808c58545c58e247f
SHA512

3e1db774b388a0169d5cabce08875dbe8e2b0a9534e37e99577ae5ff1dad795aaafd2e9ceefc4b9757c1b2a0c1cffc15bc78a018e717f44be6b3565ed1d6fae6
SSDEEP

6144:Sibl/sNm9d5CotOauE4aNS/yAN/pLNHupUDbNkhtG/B7epMKPo:nbl/sNmT+E4ayN/1NHuu5TepMC

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 1560	1104	HacKed.facebook‮exe.scr	31
PID 1104 wrote to memory of 1560	1104	HacKed.facebook‮exe.scr	31
PID 1104 wrote to memory of 1560	1104	HacKed.facebook‮exe.scr	31

C:\Users\Admin\AppData\Local\Temp\HacKed.facebook‮exe.scr
"C:\Users\Admin\AppData\Local\Temp\HacKed.facebook‮exe.scr" /S
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 368
  2⤵
  PID:1560

memory/1104-0-0x000007FEF5B3E000-0x000007FEF5B3F000-memory.dmp

Filesize
4KB

Download
memory/1104-1-0x000007FEF5880000-0x000007FEF621D000-memory.dmp

Filesize
9.6MB

Download
memory/1104-3-0x000007FEF5880000-0x000007FEF621D000-memory.dmp

Filesize
9.6MB

Download
memory/1104-4-0x000007FEF5B3E000-0x000007FEF5B3F000-memory.dmp

Filesize
4KB

Download
memory/1560-2-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download