08851208a7194d4665ac8ccb177d197ee9005eb4330828f20329aeb256020862

Analysis

max time kernel
122s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 19:41

Target

0e446d91147a29ea910f09af6ed52139.exe
Size

9KB
MD5

0e446d91147a29ea910f09af6ed52139
SHA1

4e2244d102cf1e209456f5a4092ddeb345e31ea6
SHA256

08851208a7194d4665ac8ccb177d197ee9005eb4330828f20329aeb256020862
SHA512

2cde4249cb8962e5c2afd5bbd8d0c0e07bc90473b108fad092a74ec621cb4f1920712df1e77742153a9c5904ff338db1143772b6f68d68aa9cd359f2f499208c
SSDEEP

192:UQzF4XDQF1y8+/DRGb2MLP5yDK6o5BLUZCWm+Y:1sD01y8+/Dob2whyDKtIZCWm+Y

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2916	2224	0e446d91147a29ea910f09af6ed52139.exe	28
PID 2224 wrote to memory of 2916	2224	0e446d91147a29ea910f09af6ed52139.exe	28
PID 2224 wrote to memory of 2916	2224	0e446d91147a29ea910f09af6ed52139.exe	28

C:\Users\Admin\AppData\Local\Temp\0e446d91147a29ea910f09af6ed52139.exe
"C:\Users\Admin\AppData\Local\Temp\0e446d91147a29ea910f09af6ed52139.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2224 -s 564
  2⤵
  PID:2916

memory/2224-0-0x0000000000020000-0x0000000000026000-memory.dmp

Filesize
24KB

Download
memory/2224-1-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

Filesize
9.9MB

Download
memory/2224-2-0x000000001ADB0000-0x000000001AE30000-memory.dmp

Filesize
512KB

Download
memory/2224-3-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

Filesize
9.9MB

Download
memory/2224-4-0x000000001ADB0000-0x000000001AE30000-memory.dmp

Filesize
512KB

Download