a2969c56b17a1ef74201b8f3294bff5b3d6bdadbe19f23b4cb6d277de8d76cb0

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04-01-2024 17:25

Target

4179243cd2f7eaa692184265785ffe99.exe
Size

6KB
MD5

4179243cd2f7eaa692184265785ffe99
SHA1

8024742eb6c90b0ecf247b4bf266c1a24bfd9039
SHA256

a2969c56b17a1ef74201b8f3294bff5b3d6bdadbe19f23b4cb6d277de8d76cb0
SHA512

3cd12e646e2cd789ee37291fe27ba70b7615132ae8b4e5d7baadb2c81c68c34ae80f19d24ba3c15ac8dce064c7a150363e772b8f7d6945d0fb2e32e253a6df87
SSDEEP

96:FAcDrsRCCUgB1JUdh2TxtQV+LQLmr5dJ3DWLe5LgbpzNt:/rsM8JgUxtE+L1XJZwL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2876	3000	4179243cd2f7eaa692184265785ffe99.exe	29
PID 3000 wrote to memory of 2876	3000	4179243cd2f7eaa692184265785ffe99.exe	29
PID 3000 wrote to memory of 2876	3000	4179243cd2f7eaa692184265785ffe99.exe	29

C:\Users\Admin\AppData\Local\Temp\4179243cd2f7eaa692184265785ffe99.exe
"C:\Users\Admin\AppData\Local\Temp\4179243cd2f7eaa692184265785ffe99.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3000 -s 620
  2⤵
  PID:2876

memory/3000-0-0x0000000000240000-0x0000000000248000-memory.dmp

Filesize
32KB

Download
memory/3000-1-0x000007FEF50F0000-0x000007FEF5ADC000-memory.dmp

Filesize
9.9MB

Download
memory/3000-2-0x000000001B150000-0x000000001B1D0000-memory.dmp

Filesize
512KB

Download
memory/3000-3-0x000007FEF50F0000-0x000007FEF5ADC000-memory.dmp

Filesize
9.9MB

Download
memory/3000-4-0x000000001B150000-0x000000001B1D0000-memory.dmp

Filesize
512KB

Download