dd7313348f68cc89433223900f71ace17b1eb9e7beb8a4c8b1e2ffb17b13aad4

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 19:17

Target

8ff0f3bf0703cd463786131c90794323.exe
Size

117KB
MD5

8ff0f3bf0703cd463786131c90794323
SHA1

6d399fa743df46e345a087165c221296ef3c9d68
SHA256

dd7313348f68cc89433223900f71ace17b1eb9e7beb8a4c8b1e2ffb17b13aad4
SHA512

e5dcbbe537c3db86934855f1bdb2748878528dae2884f99009a1d1bef88125da02a3aec1a7df0131d1ab68badde8009e0d2b31da45440a98c73cd8fffbd80959
SSDEEP

3072:5GPRNkw9Tqt4QvsxoRAQpSsYgmpby+/tGTs1nL:gPcw9TqCQvsx8I3bt/tGTs1n

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 2404	816	8ff0f3bf0703cd463786131c90794323.exe	28
PID 816 wrote to memory of 2404	816	8ff0f3bf0703cd463786131c90794323.exe	28
PID 816 wrote to memory of 2404	816	8ff0f3bf0703cd463786131c90794323.exe	28

C:\Users\Admin\AppData\Local\Temp\8ff0f3bf0703cd463786131c90794323.exe
"C:\Users\Admin\AppData\Local\Temp\8ff0f3bf0703cd463786131c90794323.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:816
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 816 -s 648
  2⤵
  PID:2404

memory/816-0-0x000000013F7F0000-0x000000013F812000-memory.dmp

Filesize
136KB

Download
memory/816-1-0x000007FEF5540000-0x000007FEF5F2C000-memory.dmp

Filesize
9.9MB

Download
memory/816-2-0x00000000005C0000-0x00000000005D2000-memory.dmp

Filesize
72KB

Download
memory/816-3-0x000000001BAE0000-0x000000001BB60000-memory.dmp

Filesize
512KB

Download
memory/816-4-0x000007FEF5540000-0x000007FEF5F2C000-memory.dmp

Filesize
9.9MB

Download
memory/816-5-0x000000001BAE0000-0x000000001BB60000-memory.dmp

Filesize
512KB

Download