951a28313b9c3154c10297a6b11bcd1f5c44e7e43b628cce24520da376881106

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19-01-2024 16:23

Target

6816c2fe9bf569ebe7bd6e9dabae4d19.exe
Size

36KB
MD5

6816c2fe9bf569ebe7bd6e9dabae4d19
SHA1

a6b942f20868aacc11211a4f2eed23ad135d6c3d
SHA256

951a28313b9c3154c10297a6b11bcd1f5c44e7e43b628cce24520da376881106
SHA512

63f9ee21029524de29949d55355cef42067318c4ae5d316dd9c40189e489986dcc6f8244ef2efb5e36178d9933a49d3a72ad0df963d81eabe287e2f7d1cea163
SSDEEP

768:Ve1yXgRMRO9eOPNawQB+hsn0ByfrAc6ZyFVlXSUh0003w9dwVn75g9:o1RMRy4wQB+hsn0ByfkcZFLXSS0w9dwQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 2364	1760	6816c2fe9bf569ebe7bd6e9dabae4d19.exe	28
PID 1760 wrote to memory of 2364	1760	6816c2fe9bf569ebe7bd6e9dabae4d19.exe	28
PID 1760 wrote to memory of 2364	1760	6816c2fe9bf569ebe7bd6e9dabae4d19.exe	28

C:\Users\Admin\AppData\Local\Temp\6816c2fe9bf569ebe7bd6e9dabae4d19.exe
"C:\Users\Admin\AppData\Local\Temp\6816c2fe9bf569ebe7bd6e9dabae4d19.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1760 -s 584
  2⤵
  PID:2364

memory/1760-0-0x000000013FE90000-0x000000013FE9E000-memory.dmp

Filesize
56KB

Download
memory/1760-1-0x000007FEF52E0000-0x000007FEF5CCC000-memory.dmp

Filesize
9.9MB

Download
memory/1760-2-0x000000001ADA0000-0x000000001AE20000-memory.dmp

Filesize
512KB

Download
memory/1760-3-0x000007FEF52E0000-0x000007FEF5CCC000-memory.dmp

Filesize
9.9MB

Download
memory/1760-4-0x000000001ADA0000-0x000000001AE20000-memory.dmp

Filesize
512KB

Download