65a531ec8c630770631d8193cedd6220f991b49a4bb095c5a4c224cd57ec4b0b

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:49

Target

190508f856745cca6849e5b99aec3289.exe
Size

6KB
MD5

190508f856745cca6849e5b99aec3289
SHA1

f55c3cf5df0ff1b56ec30513568f2622af082cd1
SHA256

65a531ec8c630770631d8193cedd6220f991b49a4bb095c5a4c224cd57ec4b0b
SHA512

ed1e59bd2ed881a1fb0cd514dd8c0b0430ebccfa64000f780b9a1b0f6c2e2c7836dde4ba19d3af449fe8f6f5b887add67173d7bc3cf915880bb787033091afc5
SSDEEP

96:WAcFBrqFPFC8xP06D5UlWCxxtQd+LQLmr5dfr1DWLe5LgbpzNt:6sPICP06qAMxtO+L1XfrzwL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 2664	2340	190508f856745cca6849e5b99aec3289.exe	28
PID 2340 wrote to memory of 2664	2340	190508f856745cca6849e5b99aec3289.exe	28
PID 2340 wrote to memory of 2664	2340	190508f856745cca6849e5b99aec3289.exe	28

C:\Users\Admin\AppData\Local\Temp\190508f856745cca6849e5b99aec3289.exe
"C:\Users\Admin\AppData\Local\Temp\190508f856745cca6849e5b99aec3289.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2340 -s 616
  2⤵
  PID:2664

memory/2340-0-0x0000000000260000-0x0000000000268000-memory.dmp

Filesize
32KB

Download
memory/2340-1-0x000007FEF5EF0000-0x000007FEF68DC000-memory.dmp

Filesize
9.9MB

Download
memory/2340-2-0x000000001B0C0000-0x000000001B140000-memory.dmp

Filesize
512KB

Download
memory/2340-3-0x000007FEF5EF0000-0x000007FEF68DC000-memory.dmp

Filesize
9.9MB

Download
memory/2340-4-0x000000001B0C0000-0x000000001B140000-memory.dmp

Filesize
512KB

Download