58f720c7664a0eea1e99b9293dffba1d45930a1ace26ba296ae81f461d5953d1

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 04:26

Target

58f720c7664a0eea1e99b9293dffba1d45930a1ace26ba296ae81f461d5953d1.exe
Size

4.8MB
MD5

3cac4651ce934a43d65392a7e829a7fd
SHA1

b4c714c4706e707ffa1169f1f2b3544a609aa81c
SHA256

58f720c7664a0eea1e99b9293dffba1d45930a1ace26ba296ae81f461d5953d1
SHA512

9af0c99801ad057d23ae93daf2fa791b1458c64fff9500949ac6d61ee7cd40c6a20c2cf9cd6fd9c65f40e92e673e68717d448bc61512532f8313dbaccaff9cca
SSDEEP

49152:bf9ADg4ioiWuWekjXIKC38hje8XhDA4FYb+Ecv/6:yi3WulBKg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 2036	1684	58f720c7664a0eea1e99b9293dffba1d45930a1ace26ba296ae81f461d5953d1.exe	28
PID 1684 wrote to memory of 2036	1684	58f720c7664a0eea1e99b9293dffba1d45930a1ace26ba296ae81f461d5953d1.exe	28
PID 1684 wrote to memory of 2036	1684	58f720c7664a0eea1e99b9293dffba1d45930a1ace26ba296ae81f461d5953d1.exe	28

C:\Users\Admin\AppData\Local\Temp\58f720c7664a0eea1e99b9293dffba1d45930a1ace26ba296ae81f461d5953d1.exe
"C:\Users\Admin\AppData\Local\Temp\58f720c7664a0eea1e99b9293dffba1d45930a1ace26ba296ae81f461d5953d1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1684 -s 544
  2⤵
  PID:2036

memory/1684-0-0x0000000000B70000-0x000000000103E000-memory.dmp

Filesize
4.8MB

Download
memory/1684-1-0x000007FEF5B40000-0x000007FEF652C000-memory.dmp

Filesize
9.9MB

Download
memory/1684-2-0x000007FEF5B40000-0x000007FEF652C000-memory.dmp

Filesize
9.9MB

Download