6629fd327706ece79f824a2963e1c86b83ba9c51e5e2ed6aed63a203ebba2d32

Analysis

max time kernel
270s
max time network
277s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2023 09:05

Target

0x0003000000000733-166/Sample.exe
Size

11KB
MD5

b011efd31a1cae9e9465eb618426015d
SHA1

afb931feb34d89f6a73c3ddff50c9e3dda51c78e
SHA256

9c81354cac91362ee651ad235bd2c2ebff1039d17213863bb67cef828cf4288b
SHA512

fe85bbcbfd74d8b1404d228116ad1d3d52f0b0f03db56571b9c0c0439bba71f0f0c92d6cdd163a5372894d3860627681be85ed2da5b47b25dfe2834b2e5a950a
SSDEEP

192:v1TMYEYqjOvFm89xOn32eWWF4qvapNMm59R3BhN6zTI3m8QVNea5UQ:KjOPOnmzWFQCm595BkTihQVn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 3432	2220	Sample.exe	89
PID 2220 wrote to memory of 3432	2220	Sample.exe	89
PID 2220 wrote to memory of 3432	2220	Sample.exe	89

C:\Users\Admin\AppData\Local\Temp\0x0003000000000733-166\Sample.exe
"C:\Users\Admin\AppData\Local\Temp\0x0003000000000733-166\Sample.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- \??\c:\windows\System32\werfault.exe
  c:\windows\System32\werfault.exe
  2⤵
  PID:3432

memory/2220-133-0x000001F3F4800000-0x000001F3F4808000-memory.dmp

Filesize
32KB

Download
memory/3432-135-0x000002E6DEE20000-0x000002E6DEE9D000-memory.dmp

Filesize
500KB

Download
memory/3432-136-0x000002E6DEC50000-0x000002E6DEC52000-memory.dmp

Filesize
8KB

Download
memory/3432-137-0x000002E6DEA20000-0x000002E6DEB26000-memory.dmp

Filesize
1.0MB

Download
memory/3432-138-0x000002E6DEA20000-0x000002E6DEB26000-memory.dmp

Filesize
1.0MB

Download