6e7df456aae281fa546380351c4a626c17cadd08484341f24f8b309a564fa0c6

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 19:02

Target

72cdda8c677dece86d637b64dd657af0.exe
Size

6KB
MD5

72cdda8c677dece86d637b64dd657af0
SHA1

bfd9480612b65a352aeccde16965921de027436e
SHA256

6e7df456aae281fa546380351c4a626c17cadd08484341f24f8b309a564fa0c6
SHA512

5e11a4be84ab633b8bbc35ae4d1aa7f9dca35007e3d5bbc11bdd57f454ac776c072130d28ae0b020132f070016ca1ac54522e08b579134226b7f982428d47c5e
SSDEEP

96:qAckSFUCfMvdqiM6D5UhiDxtQ0+LQLmr5duutgDWLe1gbpzNt:FSFHfMv8iM6qwDxtb+L1Xu0L

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 1388	2268	72cdda8c677dece86d637b64dd657af0.exe	29
PID 2268 wrote to memory of 1388	2268	72cdda8c677dece86d637b64dd657af0.exe	29
PID 2268 wrote to memory of 1388	2268	72cdda8c677dece86d637b64dd657af0.exe	29

C:\Users\Admin\AppData\Local\Temp\72cdda8c677dece86d637b64dd657af0.exe
"C:\Users\Admin\AppData\Local\Temp\72cdda8c677dece86d637b64dd657af0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2268 -s 620
  2⤵
  PID:1388

memory/2268-0-0x0000000001160000-0x0000000001168000-memory.dmp

Filesize
32KB

Download
memory/2268-1-0x000007FEF5610000-0x000007FEF5FFC000-memory.dmp

Filesize
9.9MB

Download
memory/2268-2-0x000000001B3D0000-0x000000001B450000-memory.dmp

Filesize
512KB

Download
memory/2268-3-0x000007FEF5610000-0x000007FEF5FFC000-memory.dmp

Filesize
9.9MB

Download
memory/2268-4-0x000000001B3D0000-0x000000001B450000-memory.dmp

Filesize
512KB

Download