588021a4d6e295579f290eba36a2b117794241ed1a064cc65108456ac75bdb4c

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 15:25

Target

ac35edc8ce3da52380f17bfe7d5cd1de.exe
Size

6KB
MD5

ac35edc8ce3da52380f17bfe7d5cd1de
SHA1

9ff33a338f2c398cdb284b50d32620f88c611086
SHA256

588021a4d6e295579f290eba36a2b117794241ed1a064cc65108456ac75bdb4c
SHA512

8bed24195d4523d16cf74d390e8ce697080a57275f7154a0d4328a40de33d0eb5a203236053edf6fcf354a07f376d506501ffcd342bf0ae10add77c1be16d379
SSDEEP

96:YAcNrolu+CYX1OLT7BZmMxtQN+LQLmr5dHiDWLe5LgbpzNt:6oluxk2vfxta+L1XHYwL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 1280	2360	ac35edc8ce3da52380f17bfe7d5cd1de.exe	29
PID 2360 wrote to memory of 1280	2360	ac35edc8ce3da52380f17bfe7d5cd1de.exe	29
PID 2360 wrote to memory of 1280	2360	ac35edc8ce3da52380f17bfe7d5cd1de.exe	29

C:\Users\Admin\AppData\Local\Temp\ac35edc8ce3da52380f17bfe7d5cd1de.exe
"C:\Users\Admin\AppData\Local\Temp\ac35edc8ce3da52380f17bfe7d5cd1de.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2360 -s 620
  2⤵
  PID:1280

memory/2360-0-0x0000000000220000-0x0000000000228000-memory.dmp

Filesize
32KB

Download
memory/2360-1-0x000007FEF5F80000-0x000007FEF696C000-memory.dmp

Filesize
9.9MB

Download
memory/2360-2-0x000000001B310000-0x000000001B390000-memory.dmp

Filesize
512KB

Download
memory/2360-3-0x000007FEF5F80000-0x000007FEF696C000-memory.dmp

Filesize
9.9MB

Download
memory/2360-4-0x000000001B310000-0x000000001B390000-memory.dmp

Filesize
512KB

Download