320eec2c20e7788b8ca588210508240f62ed0f1d4824a4dc9dcc48f184467c2d

Analysis

max time kernel
243s
max time network
293s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 00:16

Target

320eec2c20e7788b8ca588210508240f62ed0f1d4824a4dc9dcc48f184467c2d.exe
Size

2.4MB
MD5

bd5e1868aa65afd552ab281a09a9b3b7
SHA1

98d70baf21b0b1416d2716e122a2ebe54472eebf
SHA256

320eec2c20e7788b8ca588210508240f62ed0f1d4824a4dc9dcc48f184467c2d
SHA512

66987c40d9eaa7eac126b8750b64bf38ad20fb1427b874d1e30abbed9cbcacc1247fa5c4c372028aa32b6aca5fc359a2b3d272a4245d680a98bfe714028ec22f
SSDEEP

49152:wUkQ1Yb8OqkJ8+6nNy/rnJuFW+fdm/tZSTb:lO3J8+dnJWfdm/tZSTb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2488	2088	320eec2c20e7788b8ca588210508240f62ed0f1d4824a4dc9dcc48f184467c2d.exe	28
PID 2088 wrote to memory of 2488	2088	320eec2c20e7788b8ca588210508240f62ed0f1d4824a4dc9dcc48f184467c2d.exe	28
PID 2088 wrote to memory of 2488	2088	320eec2c20e7788b8ca588210508240f62ed0f1d4824a4dc9dcc48f184467c2d.exe	28

C:\Users\Admin\AppData\Local\Temp\320eec2c20e7788b8ca588210508240f62ed0f1d4824a4dc9dcc48f184467c2d.exe
"C:\Users\Admin\AppData\Local\Temp\320eec2c20e7788b8ca588210508240f62ed0f1d4824a4dc9dcc48f184467c2d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2088 -s 72
  2⤵
  PID:2488

memory/2088-0-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download