6b44dd5ddee7cb5a3dd258c302671542480e61bbe66efdd9d7562d06596baf20

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
17/02/2024, 18:36

Target

6b44dd5ddee7cb5a3dd258c302671542480e61bbe66efdd9d7562d06596baf20.exe
Size

6KB
MD5

cd75164b2f30e80249aebc7124432b58
SHA1

262642fb8b828490d721d60a1ecadedf2d941c80
SHA256

6b44dd5ddee7cb5a3dd258c302671542480e61bbe66efdd9d7562d06596baf20
SHA512

74ecdf0547a16de36728f3d388cd6edc1b7b8d965b9915eaa22279da94cf0521986c1005d1163f7d0801fe419395b7077658314ea69d8429ef697d33609213e6
SSDEEP

48:SObt0S4FVgCp471Ib4Fc/38+N7DYocHa23WlTpebVetFygFI5a2oxdVoZiG/9uMO:P0mIGnFc/38+N4ZHJWSY9FI5Wqtx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2940	2644	6b44dd5ddee7cb5a3dd258c302671542480e61bbe66efdd9d7562d06596baf20.exe	28
PID 2644 wrote to memory of 2940	2644	6b44dd5ddee7cb5a3dd258c302671542480e61bbe66efdd9d7562d06596baf20.exe	28
PID 2644 wrote to memory of 2940	2644	6b44dd5ddee7cb5a3dd258c302671542480e61bbe66efdd9d7562d06596baf20.exe	28

C:\Users\Admin\AppData\Local\Temp\6b44dd5ddee7cb5a3dd258c302671542480e61bbe66efdd9d7562d06596baf20.exe
"C:\Users\Admin\AppData\Local\Temp\6b44dd5ddee7cb5a3dd258c302671542480e61bbe66efdd9d7562d06596baf20.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2644 -s 32
  2⤵
  PID:2940