66a9b57171c47f06513fd9a9c736a6b426c63fe04ebf44f36717e26c71b14da4

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:22

Target

7514cad47450094f1d1e02b10dc5757f.exe
Size

23KB
MD5

7514cad47450094f1d1e02b10dc5757f
SHA1

82d3eb21bd2528bdeece7eefbeac9e8425c1ff50
SHA256

66a9b57171c47f06513fd9a9c736a6b426c63fe04ebf44f36717e26c71b14da4
SHA512

9d9f551af61cad736b5d2745f8c6a5a40869611c41f4900addf28c292dfdd24ff99075e9b74c299013e4cb5c3a63345678a747d85541e22c5645e8484d484a57
SSDEEP

384:fzNPETSY1UEjRkTJOEdyJNnHWektRFNEWUP1NsUk2A+zWZwi9KBw2HGUVBxRjAvl:LbQUfJOI+NnHWe8DEWY1WUk29q92GUX2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 1700	1740	7514cad47450094f1d1e02b10dc5757f.exe	28
PID 1740 wrote to memory of 1700	1740	7514cad47450094f1d1e02b10dc5757f.exe	28
PID 1740 wrote to memory of 1700	1740	7514cad47450094f1d1e02b10dc5757f.exe	28

C:\Users\Admin\AppData\Local\Temp\7514cad47450094f1d1e02b10dc5757f.exe
"C:\Users\Admin\AppData\Local\Temp\7514cad47450094f1d1e02b10dc5757f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1740 -s 584
  2⤵
  PID:1700

memory/1740-0-0x000000013FA80000-0x000000013FA8A000-memory.dmp

Filesize
40KB

Download
memory/1740-2-0x000000001C020000-0x000000001C0A0000-memory.dmp

Filesize
512KB

Download
memory/1740-1-0x000007FEF5790000-0x000007FEF617C000-memory.dmp

Filesize
9.9MB

Download
memory/1740-3-0x000007FEF5790000-0x000007FEF617C000-memory.dmp

Filesize
9.9MB

Download
memory/1740-4-0x000000001C020000-0x000000001C0A0000-memory.dmp

Filesize
512KB

Download