4937681800eb515b4b01a7b1e5ce0c4c10223e5bb9e6d81637ee229af1bfbe16

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 14:59

Target

46861851cb5d34e8f73b6d44ece02223.exe
Size

117KB
MD5

46861851cb5d34e8f73b6d44ece02223
SHA1

8c5095398294039a7d7d1dab2570850d5973da28
SHA256

4937681800eb515b4b01a7b1e5ce0c4c10223e5bb9e6d81637ee229af1bfbe16
SHA512

5af9b379728d156c6614414f91b6893dd553079e421b4d26e363b5c489b152f81de500c347d38cff70336a621796c5b1e0ad49b74a97beb5631f2b8a6d63d274
SSDEEP

3072:xT2g33BsHoCn2wkLAebl9yiHNBTnEk5TaDRfWbsn1EVv00bz:Yg33B5wkh59yinnj5Webq1EVv00b

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2976	3040	46861851cb5d34e8f73b6d44ece02223.exe	28
PID 3040 wrote to memory of 2976	3040	46861851cb5d34e8f73b6d44ece02223.exe	28
PID 3040 wrote to memory of 2976	3040	46861851cb5d34e8f73b6d44ece02223.exe	28

C:\Users\Admin\AppData\Local\Temp\46861851cb5d34e8f73b6d44ece02223.exe
"C:\Users\Admin\AppData\Local\Temp\46861851cb5d34e8f73b6d44ece02223.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3040 -s 648
  2⤵
  PID:2976

memory/3040-0-0x000000013F0B0000-0x000000013F0D2000-memory.dmp

Filesize
136KB

Download
memory/3040-2-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/3040-1-0x0000000000740000-0x0000000000752000-memory.dmp

Filesize
72KB

Download
memory/3040-3-0x000000001B9C0000-0x000000001BA40000-memory.dmp

Filesize
512KB

Download
memory/3040-4-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/3040-5-0x000000001B9C0000-0x000000001BA40000-memory.dmp

Filesize
512KB

Download