46bd09b1583156b9658574821c48a6db4b896b9c69d4f2064c2bbb1dac8cfee0

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 09:41

Target

46bd09b1583156b9658574821c48a6db4b896b9c69d4f2064c2bbb1dac8cfee0.exe
Size

28KB
MD5

2be62c4c355f2e9dc7642174163ad80b
SHA1

3e9345e457d6cf922d83330dfd2b12145bd8edb0
SHA256

46bd09b1583156b9658574821c48a6db4b896b9c69d4f2064c2bbb1dac8cfee0
SHA512

fe157b04470965bc7c1666d4bdfaf5e19b6f6d42e1b5cb18b8535d2290b0ed6fcb8ddad773cccdeccbb0d7dcb48b497acb1745f71e4c83a34f0e175fe377d65d
SSDEEP

768:jEHP8BxumIsFTZrT5rTM41v1DbVJxgm3HrdM:jEHP8T/RTP/xX3e

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2536	2140	46bd09b1583156b9658574821c48a6db4b896b9c69d4f2064c2bbb1dac8cfee0.exe	15
PID 2140 wrote to memory of 2536	2140	46bd09b1583156b9658574821c48a6db4b896b9c69d4f2064c2bbb1dac8cfee0.exe	15
PID 2140 wrote to memory of 2536	2140	46bd09b1583156b9658574821c48a6db4b896b9c69d4f2064c2bbb1dac8cfee0.exe	15

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2140 -s 532
1⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\46bd09b1583156b9658574821c48a6db4b896b9c69d4f2064c2bbb1dac8cfee0.exe
"C:\Users\Admin\AppData\Local\Temp\46bd09b1583156b9658574821c48a6db4b896b9c69d4f2064c2bbb1dac8cfee0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2140

memory/2140-0-0x00000000013B0000-0x00000000013BE000-memory.dmp

Filesize
56KB

Download
memory/2140-1-0x000007FEF5380000-0x000007FEF5D6C000-memory.dmp

Filesize
9.9MB

Download
memory/2140-2-0x000007FEF5380000-0x000007FEF5D6C000-memory.dmp

Filesize
9.9MB

Download