5d06a9f1cdd16e1a386a4a1cf5416fd4fa0f20783e4f46c9b5226b3ae0087739

Analysis

max time kernel
11s
max time network
35s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 05:36 UTC

Target

5d06a9f1cdd16e1a386a4a1cf5416fd4fa0f20783e4f46c9b5226b3ae0087739.exe
Size

489KB
MD5

e9fcfb2631168d2b1348db93d37ec70e
SHA1

2f3abb07cda8acc08625fffb3aa264a51f899f2c
SHA256

5d06a9f1cdd16e1a386a4a1cf5416fd4fa0f20783e4f46c9b5226b3ae0087739
SHA512

54dafd240dc6231e17d07bd4c631ba0f67690ca0e4ac9406e5777194664908c064a8977cf1184df997c32db261c752d862447c5aa85a61d894110501167558aa
SSDEEP

3072:zdQ8eKk3obaoYtzyP6GoAZRhnyy3fosobC9ayy3fosobC9k2yiqyy3fGsob9Z2:zda4b5Y06yi

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1816 wrote to memory of 2080	1816	5d06a9f1cdd16e1a386a4a1cf5416fd4fa0f20783e4f46c9b5226b3ae0087739.exe	28
PID 1816 wrote to memory of 2080	1816	5d06a9f1cdd16e1a386a4a1cf5416fd4fa0f20783e4f46c9b5226b3ae0087739.exe	28
PID 1816 wrote to memory of 2080	1816	5d06a9f1cdd16e1a386a4a1cf5416fd4fa0f20783e4f46c9b5226b3ae0087739.exe	28

C:\Users\Admin\AppData\Local\Temp\5d06a9f1cdd16e1a386a4a1cf5416fd4fa0f20783e4f46c9b5226b3ae0087739.exe
"C:\Users\Admin\AppData\Local\Temp\5d06a9f1cdd16e1a386a4a1cf5416fd4fa0f20783e4f46c9b5226b3ae0087739.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1816
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1816 -s 696
  2⤵
  PID:2080

memory/1816-0-0x0000000001280000-0x0000000001300000-memory.dmp

Filesize
512KB

Download
memory/1816-1-0x000007FEF5C20000-0x000007FEF660C000-memory.dmp

Filesize
9.9MB

Download
memory/1816-2-0x000007FEF5C20000-0x000007FEF660C000-memory.dmp

Filesize
9.9MB

Download