6004b569473bb967c3c668cb44cc41eeeab354b98b8611d10dc63be71428b8c1

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231130-en
resource tags

arch:x64arch:x86image:win7-20231130-enlocale:en-usos:windows7-x64system
submitted
11/12/2023, 06:06

Target

6004b569473bb967c3c668cb44cc41eeeab354b98b8611d10dc63be71428b8c1.exe
Size

276KB
MD5

37931b2209af997c168b4f22d88a18c3
SHA1

a84e5bfcf796fea3b35397cc11e6736070e950fd
SHA256

6004b569473bb967c3c668cb44cc41eeeab354b98b8611d10dc63be71428b8c1
SHA512

69a7ab42976d7a08256654fd489775e9f594caeaf665718985e0fe47af9cf1e40eed0fa026cad3f3e00724ab9075d88200de28e880196e086bd6d457b472b545
SSDEEP

6144:LaSMoA0iJ7HalmMKCwDpTUm1ZrrpMVVz:LjA0iJ7aUMKCwNVP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2908	2664	6004b569473bb967c3c668cb44cc41eeeab354b98b8611d10dc63be71428b8c1.exe	30
PID 2664 wrote to memory of 2908	2664	6004b569473bb967c3c668cb44cc41eeeab354b98b8611d10dc63be71428b8c1.exe	30
PID 2664 wrote to memory of 2908	2664	6004b569473bb967c3c668cb44cc41eeeab354b98b8611d10dc63be71428b8c1.exe	30

C:\Users\Admin\AppData\Local\Temp\6004b569473bb967c3c668cb44cc41eeeab354b98b8611d10dc63be71428b8c1.exe
"C:\Users\Admin\AppData\Local\Temp\6004b569473bb967c3c668cb44cc41eeeab354b98b8611d10dc63be71428b8c1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2664 -s 736
  2⤵
  PID:2908