739e15f9c4209169e497c4f6e5a7117d9a275cc25019f6488c1436b992e58474

Analysis

max time kernel
183s
max time network
145s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
15/11/2023, 12:09

Target

739e15f9c4209169e497c4f6e5a7117d9a275cc25019f6488c1436b992e58474.exe
Size

377KB
MD5

cf40565494bf0e794467f2d46e8f4d8e
SHA1

f01abf8bc978c4f382e2cfbfa5e1be8e2229c941
SHA256

739e15f9c4209169e497c4f6e5a7117d9a275cc25019f6488c1436b992e58474
SHA512

34f7871ca55191fde19e5f8165c8726c95bff40c3c2b05a3f96b189576027a9a7538d3512cd111b61212926d734ca53d1c67294f5d23a929f515af03852a8ba3
SSDEEP

6144:TR+klLPgzG19cEJG933ip5TItqydWlU9EEvqHJJJ655ZZo4/oTF:TQOLamDAniyNMlURSQ/oTF

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2896	2908	739e15f9c4209169e497c4f6e5a7117d9a275cc25019f6488c1436b992e58474.exe	30
PID 2908 wrote to memory of 2896	2908	739e15f9c4209169e497c4f6e5a7117d9a275cc25019f6488c1436b992e58474.exe	30
PID 2908 wrote to memory of 2896	2908	739e15f9c4209169e497c4f6e5a7117d9a275cc25019f6488c1436b992e58474.exe	30

C:\Users\Admin\AppData\Local\Temp\739e15f9c4209169e497c4f6e5a7117d9a275cc25019f6488c1436b992e58474.exe
"C:\Users\Admin\AppData\Local\Temp\739e15f9c4209169e497c4f6e5a7117d9a275cc25019f6488c1436b992e58474.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2908 -s 36
  2⤵
  PID:2896

memory/2908-0-0x000000013F6D0000-0x000000013F732000-memory.dmp

Filesize
392KB

Download