f28f1eb39e6b9343381691d1fc22df7b96412350d800ee0add4bb2828aa7567d

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 21:44

Target

aced7923ae205178de2004b272febaa8.exe
Size

2.4MB
MD5

aced7923ae205178de2004b272febaa8
SHA1

2b3120718f283fea1349e84ee00bba8af85c527e
SHA256

f28f1eb39e6b9343381691d1fc22df7b96412350d800ee0add4bb2828aa7567d
SHA512

3d64a89e879639e7f2011bea46d13057e0944a663fa43fb7c5ab437c79d01a9e89df251cce5b8b6d1373180daebbaec3463cfa4b7b4bfa24e48d224d58855501
SSDEEP

49152:jczWA1Y05Cx4GLBAypqOG/gb+Vvqutvf64Jd0RlRTIerKEbFGvcGwS:jczd/Cx4eB2OG4OquViCd0HR8sBG0jS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2968	2860	aced7923ae205178de2004b272febaa8.exe	28
PID 2860 wrote to memory of 2968	2860	aced7923ae205178de2004b272febaa8.exe	28
PID 2860 wrote to memory of 2968	2860	aced7923ae205178de2004b272febaa8.exe	28

C:\Users\Admin\AppData\Local\Temp\aced7923ae205178de2004b272febaa8.exe
"C:\Users\Admin\AppData\Local\Temp\aced7923ae205178de2004b272febaa8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2860 -s 576
  2⤵
  PID:2968

memory/2860-0-0x0000000001110000-0x0000000001386000-memory.dmp

Filesize
2.5MB

Download
memory/2860-1-0x000007FEF5A30000-0x000007FEF641C000-memory.dmp

Filesize
9.9MB

Download
memory/2860-2-0x000000001AB10000-0x000000001ABBE000-memory.dmp

Filesize
696KB

Download
memory/2860-3-0x000000001AC00000-0x000000001AC80000-memory.dmp

Filesize
512KB

Download
memory/2860-4-0x000007FEF5A30000-0x000007FEF641C000-memory.dmp

Filesize
9.9MB

Download
memory/2860-5-0x000000001AC00000-0x000000001AC80000-memory.dmp

Filesize
512KB

Download