046cbf0dccc6127ee28d80a098a140c53085f2261a228d6fcc3c6a4775be3ebc

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 19:26

Target

41b712d3e91ef128ec49bf47540d0cb1.exe
Size

122KB
MD5

41b712d3e91ef128ec49bf47540d0cb1
SHA1

d5e3d2e77e254256b39f100c2e5dd83a89edfc85
SHA256

046cbf0dccc6127ee28d80a098a140c53085f2261a228d6fcc3c6a4775be3ebc
SHA512

d715f4e7b5169f31eb9fde4e14cfe851b6e7cfb5aebf6862fbc7de31017b5a40cbbd45caf8882f2652126bfc586a93be2fe74f396ee5dd390d7cc6a410fca0d2
SSDEEP

3072:UIeR4xCtIQ//5CQaq48ziTXm2oDbyqxNgSUVz:U2xCtD/5CtkziTX5oDbzxNgSUV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2156	2052	41b712d3e91ef128ec49bf47540d0cb1.exe	28
PID 2052 wrote to memory of 2156	2052	41b712d3e91ef128ec49bf47540d0cb1.exe	28
PID 2052 wrote to memory of 2156	2052	41b712d3e91ef128ec49bf47540d0cb1.exe	28

C:\Users\Admin\AppData\Local\Temp\41b712d3e91ef128ec49bf47540d0cb1.exe
"C:\Users\Admin\AppData\Local\Temp\41b712d3e91ef128ec49bf47540d0cb1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2052 -s 636
  2⤵
  PID:2156

memory/2052-0-0x000000013F870000-0x000000013F894000-memory.dmp

Filesize
144KB

Download
memory/2052-1-0x000007FEF5690000-0x000007FEF607C000-memory.dmp

Filesize
9.9MB

Download
memory/2052-2-0x000000001B920000-0x000000001B9A0000-memory.dmp

Filesize
512KB

Download
memory/2052-3-0x000007FEF5690000-0x000007FEF607C000-memory.dmp

Filesize
9.9MB

Download
memory/2052-4-0x000000001B920000-0x000000001B9A0000-memory.dmp

Filesize
512KB

Download