52fe9f423aa1e4a763fb5b012095bcd6a91819038803ab35e9b26ec676304821

Analysis

max time kernel
20s
max time network
18s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20-02-2024 06:38

Target

A4g9i2re1n.exe
Size

3.0MB
MD5

95fa0324e5c4fb381d26dae7c0b9fbd5
SHA1

f8557d98c6f7fd1111aab7a71c74bec9395e9fbb
SHA256

52fe9f423aa1e4a763fb5b012095bcd6a91819038803ab35e9b26ec676304821
SHA512

7596a24c786ba54aa89078f9668116b5d9b9af3a0cb2c35d96bcb9fe2724564c76020c512a3d1df830887e751a61a05df5c6799e3fd53f06800f242cf239fc7c
SSDEEP

49152:RcEeTCc/TqjAtennuhRVCuvxVgfId7/jwl5phlJAq3pXtMyFqeDNerQfWQAo:WEWN4uvXgm/W5pP37MheMLQl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 2440	1836	A4g9i2re1n.exe	28
PID 1836 wrote to memory of 2440	1836	A4g9i2re1n.exe	28
PID 1836 wrote to memory of 2440	1836	A4g9i2re1n.exe	28

C:\Users\Admin\AppData\Local\Temp\A4g9i2re1n.exe
"C:\Users\Admin\AppData\Local\Temp\A4g9i2re1n.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1836 -s 212
  2⤵
  PID:2440

memory/1836-0-0x000000013F7A0000-0x000000013FAA5000-memory.dmp

Filesize
3.0MB

Download
memory/1836-1-0x0000000077AA0000-0x0000000077C49000-memory.dmp

Filesize
1.7MB

Download
memory/1836-2-0x0000000077AA0000-0x0000000077C49000-memory.dmp

Filesize
1.7MB

Download
memory/1836-4-0x0000000077AA0000-0x0000000077C49000-memory.dmp

Filesize
1.7MB

Download
memory/1836-3-0x0000000077AA0000-0x0000000077C49000-memory.dmp

Filesize
1.7MB

Download
memory/1836-5-0x0000000077AA0000-0x0000000077C49000-memory.dmp

Filesize
1.7MB

Download
memory/1836-6-0x000000013F7A0000-0x000000013FAA5000-memory.dmp

Filesize
3.0MB

Download