c802b23b2900c2cd309a2e4d2e92074d22401c905d4fc1a1d91a6810d9e237b6

Analysis

max time kernel
175s
max time network
26s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 12:09

Target

c802b23b2900c2cd309a2e4d2e92074d22401c905d4fc1a1d91a6810d9e237b6.exe
Size

2.8MB
MD5

09fb3611b349370ee24b52e50565c93a
SHA1

55f29091186b29507b83203d857c031986a6fbc1
SHA256

c802b23b2900c2cd309a2e4d2e92074d22401c905d4fc1a1d91a6810d9e237b6
SHA512

1e6389cf421b94c612d6e08e97bb6a02c3e8c0a4c6fbf6a1da22154a57463a5583463a52467da40d338944fbfc2ca4930c75f36de2b0899d90c56f03c500b65c
SSDEEP

24576:Xqw0YZamDvaBX7Z1RzjvI2nStBf0+Ec0xMk58UsU3AoXTnidt9s91b:aw0YZamk7JvtQITnidt9s91b

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 2708	2604	c802b23b2900c2cd309a2e4d2e92074d22401c905d4fc1a1d91a6810d9e237b6.exe	30
PID 2604 wrote to memory of 2708	2604	c802b23b2900c2cd309a2e4d2e92074d22401c905d4fc1a1d91a6810d9e237b6.exe	30
PID 2604 wrote to memory of 2708	2604	c802b23b2900c2cd309a2e4d2e92074d22401c905d4fc1a1d91a6810d9e237b6.exe	30

C:\Users\Admin\AppData\Local\Temp\c802b23b2900c2cd309a2e4d2e92074d22401c905d4fc1a1d91a6810d9e237b6.exe
"C:\Users\Admin\AppData\Local\Temp\c802b23b2900c2cd309a2e4d2e92074d22401c905d4fc1a1d91a6810d9e237b6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2604 -s 56
  2⤵
  PID:2708

memory/2604-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2604-2-0x000000013FD20000-0x000000013FE74000-memory.dmp

Filesize
1.3MB

Download
memory/2604-3-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download