b554920e537224d33fdc864ac81f13a35ce8a404be64d13c0ee2c647dc18f892

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13-10-2023 22:43

Target

b554920e537224d33fdc864ac81f13a35ce8a404be64d13c0ee2c647dc18f892.exe
Size

6KB
MD5

4c949236f8511197d6e8b9604299c3e5
SHA1

759c5eb9c9dfb5f14acb73777ccbcbc770eb5de2
SHA256

b554920e537224d33fdc864ac81f13a35ce8a404be64d13c0ee2c647dc18f892
SHA512

8b3cc33bd23c827b5ed33bea18d75865ac3c06d6d370055e0d1342d9b0d4c83f6971034ccdc3abbf20963bd510580a372f79b564d0c1044167446d7e9e780241
SSDEEP

48:Shbt0S4FVgCp471Ib4Fc/38+N7DYocHa23WlTpebVetFygFI5a2oxdVoZiG/9uwO:I0mIGnFc/38+N4ZHJWSY9FI5Wqpx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2976	2220	b554920e537224d33fdc864ac81f13a35ce8a404be64d13c0ee2c647dc18f892.exe	28
PID 2220 wrote to memory of 2976	2220	b554920e537224d33fdc864ac81f13a35ce8a404be64d13c0ee2c647dc18f892.exe	28
PID 2220 wrote to memory of 2976	2220	b554920e537224d33fdc864ac81f13a35ce8a404be64d13c0ee2c647dc18f892.exe	28

C:\Users\Admin\AppData\Local\Temp\b554920e537224d33fdc864ac81f13a35ce8a404be64d13c0ee2c647dc18f892.exe
"C:\Users\Admin\AppData\Local\Temp\b554920e537224d33fdc864ac81f13a35ce8a404be64d13c0ee2c647dc18f892.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2220 -s 32
  2⤵
  PID:2976