ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03-02-2024 13:35

Target

ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984.exe
Size

1.5MB
MD5

d47b6e128cc5797062d81250aee93ba1
SHA1

0b91e05746b1b48f30e5f9d2d733584f02dd856b
SHA256

ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984
SHA512

eb4a944e390fbb2d2033915ecb975abbcf57b63d443eb58a1dcb1def6ae28a57e7c2766eb52eaa360fe7754dd63f297eba5780859abc6d57ace43f7254bbd8d6
SSDEEP

24576:sEWnbDqMa30NjOufUcsPOFDSVXT5X4fnlOXwMhDgiya:vMDha3YOuf7sPO6XT5X4lE1ki1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984.exe

description	pid	process	target process
PID 2452 wrote to memory of 2180	2452	ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984.exe	WerFault.exe
PID 2452 wrote to memory of 2180	2452	ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984.exe	WerFault.exe
PID 2452 wrote to memory of 2180	2452	ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984.exe
"C:\Users\Admin\AppData\Local\Temp\ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2452 -s 136
  2⤵
  PID:2180