f13815723965d398c62b047473449f8c45ec1d87629f5cf5bd145c80ca433576

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
15-10-2023 19:51

Target

f0dd29f6de0e43c1e69932bac5a7bf70_exe64.exe
Size

253KB
MD5

f0dd29f6de0e43c1e69932bac5a7bf70
SHA1

066d84c73094a7a26e5e389ce269953b965482f5
SHA256

f13815723965d398c62b047473449f8c45ec1d87629f5cf5bd145c80ca433576
SHA512

72a7cab5fb214fe36dd7a999862616817ab550a431c76367dd01f5e6234e05ff5082dde57933dcce5ebef8a7e5811d4589213b781dd6664c83c9b77381a322d8
SSDEEP

3072:O/NXzK1UhklcT11INu4dumGPuTVrvaFqh9ERou+fQst9Fe331KD9Is5paY7OjN:aBmUhklquvdum1VTuqh6AYOSU955dO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2080	2208	f0dd29f6de0e43c1e69932bac5a7bf70_exe64.exe	28
PID 2208 wrote to memory of 2080	2208	f0dd29f6de0e43c1e69932bac5a7bf70_exe64.exe	28
PID 2208 wrote to memory of 2080	2208	f0dd29f6de0e43c1e69932bac5a7bf70_exe64.exe	28

C:\Users\Admin\AppData\Local\Temp\f0dd29f6de0e43c1e69932bac5a7bf70_exe64.exe
"C:\Users\Admin\AppData\Local\Temp\f0dd29f6de0e43c1e69932bac5a7bf70_exe64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2208 -s 56
  2⤵
  PID:2080