e32ad244af7ccb4a264e3aeaac7c2db0d67e10fac8aaddc279a12b47db91a31a

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:42

Target

751f468d83cda3b7b89f06c1d0406c46.exe
Size

11.2MB
MD5

751f468d83cda3b7b89f06c1d0406c46
SHA1

22938f27f7d0874fd513005e3102ccaa3cc1f676
SHA256

e32ad244af7ccb4a264e3aeaac7c2db0d67e10fac8aaddc279a12b47db91a31a
SHA512

82819879934d875c38e9fd4176b053fbd5a41723d1cbd562795fc8626fc424fb0f09f95bbc25bdfba49b06a0ffdd3ac11c05c9a633cf40ed9f81ebd5a86597c0
SSDEEP

196608:kUY/CSodGwBtGl7HGepaiWzSMV9hFMWsANJqHLHV29gIj1AAMKxIicyOuS:kUY/CNTjGlKDiWe2hFaANJSDOgIQjLuS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

751f468d83cda3b7b89f06c1d0406c46.exe

description	pid	process	target process
PID 2932 wrote to memory of 2936	2932	751f468d83cda3b7b89f06c1d0406c46.exe	WerFault.exe
PID 2932 wrote to memory of 2936	2932	751f468d83cda3b7b89f06c1d0406c46.exe	WerFault.exe
PID 2932 wrote to memory of 2936	2932	751f468d83cda3b7b89f06c1d0406c46.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\751f468d83cda3b7b89f06c1d0406c46.exe
"C:\Users\Admin\AppData\Local\Temp\751f468d83cda3b7b89f06c1d0406c46.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2932

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2932 -s 80
2⤵
PID:2936