a2ec9d525640615569e47f0947ba7737d0fd04252bfbf224796bb2b04ff2d7a4

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
02-11-2023 16:41

Target

a2ec9d525640615569e47f0947ba7737d0fd04252bfbf224796bb2b04ff2d7a4.exe
Size

6KB
MD5

91be57372d8beef851251a62babe3ee9
SHA1

25f70c56ceab9005a84e573d351dfe6466e86856
SHA256

a2ec9d525640615569e47f0947ba7737d0fd04252bfbf224796bb2b04ff2d7a4
SHA512

bae6d1c96af20ba387b04327e4f48aed099c4b5a4994c865baa5bc1eeaa7a6009e2a08c50e3c96c9d4ee0782d441b0e7f722f4c124d9f68f65743bf2ec324b44
SSDEEP

48:SZbt0S4FVgCp471Ib4Fc/38+N7DYocHa23WlTpebVetFygFI5a2oxdVoZiG/9uvO:k0mIGnFc/38+N4ZHJWSY9FI5Wqwx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2000	2732	a2ec9d525640615569e47f0947ba7737d0fd04252bfbf224796bb2b04ff2d7a4.exe	28
PID 2732 wrote to memory of 2000	2732	a2ec9d525640615569e47f0947ba7737d0fd04252bfbf224796bb2b04ff2d7a4.exe	28
PID 2732 wrote to memory of 2000	2732	a2ec9d525640615569e47f0947ba7737d0fd04252bfbf224796bb2b04ff2d7a4.exe	28

C:\Users\Admin\AppData\Local\Temp\a2ec9d525640615569e47f0947ba7737d0fd04252bfbf224796bb2b04ff2d7a4.exe
"C:\Users\Admin\AppData\Local\Temp\a2ec9d525640615569e47f0947ba7737d0fd04252bfbf224796bb2b04ff2d7a4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2732 -s 32
  2⤵
  PID:2000