5f9f18f64a2ff185ce1dade98e81849277035653c74a5f4c3a2b9daa1675648c

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 18:58

Target

Writing Tools (v7.1)/Writing Tools.exe
Size

68.1MB
MD5

d5fb11f50261c6d6268cd7c2a917a1da
SHA1

8b2ac4406deb0c038c78bd3560fd03895c5390f1
SHA256

6e477d01518d65b207ee49280530beaccad6291c8dadfea055d8df57dfd3d429
SHA512

812f9f71e0f1f497978ac5f2beafd96946f14f4b39892618d0af99242b083f2e41381438303b135aa7aa7e8ff18c74f02f84c319d849030222ccf0ab0f7f71bc
SSDEEP

1572864:YBYgZVcUBIOPCurKESXWD5F3yxQkhzdw4xT3Lm1+yZcMwCWcYdfq:YjBIOPCMSXy738xrZbC172pCWDdfq

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2712	Writing Tools.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2712	2748	Writing Tools.exe	31
PID 2748 wrote to memory of 2712	2748	Writing Tools.exe	31
PID 2748 wrote to memory of 2712	2748	Writing Tools.exe	31

C:\Users\Admin\AppData\Local\Temp\Writing Tools (v7.1)\Writing Tools.exe
"C:\Users\Admin\AppData\Local\Temp\Writing Tools (v7.1)\Writing Tools.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Users\Admin\AppData\Local\Temp\Writing Tools (v7.1)\Writing Tools.exe
  "C:\Users\Admin\AppData\Local\Temp\Writing Tools (v7.1)\Writing Tools.exe"
  2⤵
  - Loads dropped DLL
  PID:2712

C:\Users\Admin\AppData\Local\Temp\_MEI27482\python313.dll

Filesize
5.8MB

MD5
3aad23292404a7038eb07ce5a6348256

SHA1
35cac5479699b28549ebe36c1d064bfb703f0857

SHA256
78b1dd211c0e66a0603df48da2c9b67a915ab3258701b9285d3faa255ed8dc25

SHA512
f5b6ef04e744d2c98c1ef9402d7a8ce5cda3b008837cf2c37a8b6d0cd1b188ca46585a40b2db7acf019f67e6ced59eff5bc86e1aaf48d3c3b62fecf37f3aec6b

Download Submit