6e477d01518d65b207ee49280530beaccad6291c8dadfea055d8df57dfd3d429

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 18:51

Target

WritingTools.exe
Size

68.1MB
MD5

d5fb11f50261c6d6268cd7c2a917a1da
SHA1

8b2ac4406deb0c038c78bd3560fd03895c5390f1
SHA256

6e477d01518d65b207ee49280530beaccad6291c8dadfea055d8df57dfd3d429
SHA512

812f9f71e0f1f497978ac5f2beafd96946f14f4b39892618d0af99242b083f2e41381438303b135aa7aa7e8ff18c74f02f84c319d849030222ccf0ab0f7f71bc
SSDEEP

1572864:YBYgZVcUBIOPCurKESXWD5F3yxQkhzdw4xT3Lm1+yZcMwCWcYdfq:YjBIOPCMSXy738xrZbC172pCWDdfq

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
684	WritingTools.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 684	2340	WritingTools.exe	31
PID 2340 wrote to memory of 684	2340	WritingTools.exe	31
PID 2340 wrote to memory of 684	2340	WritingTools.exe	31

C:\Users\Admin\AppData\Local\Temp\WritingTools.exe
"C:\Users\Admin\AppData\Local\Temp\WritingTools.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Users\Admin\AppData\Local\Temp\WritingTools.exe
  "C:\Users\Admin\AppData\Local\Temp\WritingTools.exe"
  2⤵
  - Loads dropped DLL
  PID:684

C:\Users\Admin\AppData\Local\Temp\_MEI23402\python313.dll

Filesize
5.8MB

MD5
3aad23292404a7038eb07ce5a6348256

SHA1
35cac5479699b28549ebe36c1d064bfb703f0857

SHA256
78b1dd211c0e66a0603df48da2c9b67a915ab3258701b9285d3faa255ed8dc25

SHA512
f5b6ef04e744d2c98c1ef9402d7a8ce5cda3b008837cf2c37a8b6d0cd1b188ca46585a40b2db7acf019f67e6ced59eff5bc86e1aaf48d3c3b62fecf37f3aec6b

Download Submit