f5a2eedfb73465ee91af4df241c359ed555bf13c2197f6dc50fcc01ff850e110

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09-01-2024 05:16

Target

f5a2eedfb73465ee91af4df241c359ed555bf13c2197f6dc50fcc01ff850e110.exe
Size

6KB
MD5

2afde2c8a9b8a096e2bdaabd3daa0a8b
SHA1

40451bf1175dbec0825e083fec3a7ca2905e9b55
SHA256

f5a2eedfb73465ee91af4df241c359ed555bf13c2197f6dc50fcc01ff850e110
SHA512

4fe7206a2f3d495825a3f0571217bb6b6f4e943f934b6a426e10b2d30231b61473969898a97811896261b934eb525f0b3ae990b2fc6cc1f3a3fa0f724ff1c746
SSDEEP

48:SPbt0S4FVgCp471Ib4Fc/38+N7DYocHa23WlTpebVetFygFI5a2oxdVoZiG/9uvO:e0mIGnFc/38+N4ZHJWSY9FI5WqAx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2404	2976	f5a2eedfb73465ee91af4df241c359ed555bf13c2197f6dc50fcc01ff850e110.exe	28
PID 2976 wrote to memory of 2404	2976	f5a2eedfb73465ee91af4df241c359ed555bf13c2197f6dc50fcc01ff850e110.exe	28
PID 2976 wrote to memory of 2404	2976	f5a2eedfb73465ee91af4df241c359ed555bf13c2197f6dc50fcc01ff850e110.exe	28

C:\Users\Admin\AppData\Local\Temp\f5a2eedfb73465ee91af4df241c359ed555bf13c2197f6dc50fcc01ff850e110.exe
"C:\Users\Admin\AppData\Local\Temp\f5a2eedfb73465ee91af4df241c359ed555bf13c2197f6dc50fcc01ff850e110.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2976 -s 32
  2⤵
  PID:2404