e50cf9a22fb408fd40ddec623feeaa727727e1f33d6f501194bb4ffcc808bbaa

Analysis

max time kernel
121s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 04:51

Target

e50cf9a22fb408fd40ddec623feeaa727727e1f33d6f501194bb4ffcc808bbaa.exe
Size

6KB
MD5

ac1198313748cf9b9d40185e9a35e097
SHA1

8e88a565607bd4ae5808939fc33d8f87b5180ea3
SHA256

e50cf9a22fb408fd40ddec623feeaa727727e1f33d6f501194bb4ffcc808bbaa
SHA512

f90f4cec6da2ca05a502684b630e3628e26ec3f41fed8e414cbfdc63d447110d924d7ec334e016dd265aa5353829bead5b1e4f6412e1535f302f78b09960108e
SSDEEP

48:S5bt0S4FVgCp471Ib4Fc/38+N7DYocHa23WlTpebVetFygFI5a2oxdVoZiG/9uJO:k0mIGnFc/38+N4ZHJWSY9FI5Wqix

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2644	2168	e50cf9a22fb408fd40ddec623feeaa727727e1f33d6f501194bb4ffcc808bbaa.exe	28
PID 2168 wrote to memory of 2644	2168	e50cf9a22fb408fd40ddec623feeaa727727e1f33d6f501194bb4ffcc808bbaa.exe	28
PID 2168 wrote to memory of 2644	2168	e50cf9a22fb408fd40ddec623feeaa727727e1f33d6f501194bb4ffcc808bbaa.exe	28

C:\Users\Admin\AppData\Local\Temp\e50cf9a22fb408fd40ddec623feeaa727727e1f33d6f501194bb4ffcc808bbaa.exe
"C:\Users\Admin\AppData\Local\Temp\e50cf9a22fb408fd40ddec623feeaa727727e1f33d6f501194bb4ffcc808bbaa.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2168 -s 32
  2⤵
  PID:2644