c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
23-10-2023 19:29

Target

c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37.exe
Size

1.2MB
MD5

f87feea23572e6954c82a39f42db7c49
SHA1

a4969650e3576bdf4e4509d7bbf99ceab33c1cac
SHA256

c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37
SHA512

d405ac41857a95d5bf3900a12e459f1b38b7ac7423fcf727a83b1e3ef8f866dddf0b85fe30ed2ab32633f31cd9dd7e24884f3714cd5d9cc81452132a6b0f6620
SSDEEP

24576:vA/389X9zMxnH4WVB5s4KQN2LTt8Y0edswcaWeoAuWU0sgGce7o9Pj3/t:vloMocT9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37.exe

description	pid	process	target process
PID 2820 wrote to memory of 2624	2820	c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37.exe	WerFault.exe
PID 2820 wrote to memory of 2624	2820	c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37.exe	WerFault.exe
PID 2820 wrote to memory of 2624	2820	c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37.exe
"C:\Users\Admin\AppData\Local\Temp\c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2820

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2820 -s 728
2⤵
PID:2624

memory/2820-0-0x000000013FBC0000-0x000000013FD60000-memory.dmp

Filesize
1.6MB

Download
memory/2820-1-0x000000013FBC0000-0x000000013FD60000-memory.dmp

Filesize
1.6MB

Download