6ae34a03b7072f4e54b5f974915bc44c99bc73b743752880973a60202a452334

Resubmissions

01-02-2025 12:54

01-02-2025 12:53

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 12:54

Target

Zorara-v2.4.34-x64/ZoraraUI.exe
Size

95KB
MD5

38246fb0d91772bb188b74956fcac653
SHA1

5b513501576bfd408c002bc7e3937222bd5880da
SHA256

5467a08450f3330e5aecfcac90b7e2f6005b7031b2e900c6080e894ff435223a
SHA512

66c2db8045386a2e3cf43cd56c9fc72d34108a4092fec0ef83c4817a6e2484ddde4d3366228532cbe60bff02d6e28b6c7354c749db955de236396dc29116251a
SSDEEP

1536:htOb8p1vRzSfcuafx2WR42zxMVY6dTPrvWa5riimh3VuM/APHV5y6SlSW8lXR:hEbfWytdTPrvWAPuw7Pby6S+lXR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2060	2224	ZoraraUI.exe	30
PID 2224 wrote to memory of 2060	2224	ZoraraUI.exe	30
PID 2224 wrote to memory of 2060	2224	ZoraraUI.exe	30

C:\Users\Admin\AppData\Local\Temp\Zorara-v2.4.34-x64\ZoraraUI.exe
"C:\Users\Admin\AppData\Local\Temp\Zorara-v2.4.34-x64\ZoraraUI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2224 -s 500
  2⤵
  PID:2060

memory/2224-0-0x000007FEF61C3000-0x000007FEF61C4000-memory.dmp

Filesize
4KB

Download
memory/2224-1-0x000000013FA20000-0x000000013FA3C000-memory.dmp

Filesize
112KB

Download