665d0df8a1ee82d5667e467a3145652604297c3ae97861b73f33230866215231

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 20:43 UTC

Target

665d0df8a1ee82d5667e467a3145652604297c3ae97861b73f33230866215231.exe
Size

362KB
MD5

e67d6d36a67760cf1fda71acadcae870
SHA1

96ff9fcf6e3af12fe68567ac7fdfb220ee021cdc
SHA256

665d0df8a1ee82d5667e467a3145652604297c3ae97861b73f33230866215231
SHA512

8c3ec851b1f4b6e9a40da1771154bfa215a2282556631c4368e21a8b06b5105ba42ace06cc258860b97941f7e6cce7927572021bf935e6d0744ffa0158b7ea0d
SSDEEP

6144:P0Y4sTgjJ7nWMov6u4oUR43O7A7jMRnErQU1nT:P0Y4s+J7a6u4oURqjI41nT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2532	1664	665d0df8a1ee82d5667e467a3145652604297c3ae97861b73f33230866215231.exe	29
PID 1664 wrote to memory of 2532	1664	665d0df8a1ee82d5667e467a3145652604297c3ae97861b73f33230866215231.exe	29
PID 1664 wrote to memory of 2532	1664	665d0df8a1ee82d5667e467a3145652604297c3ae97861b73f33230866215231.exe	29

C:\Users\Admin\AppData\Local\Temp\665d0df8a1ee82d5667e467a3145652604297c3ae97861b73f33230866215231.exe
"C:\Users\Admin\AppData\Local\Temp\665d0df8a1ee82d5667e467a3145652604297c3ae97861b73f33230866215231.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1664 -s 524
  2⤵
  PID:2532

memory/1664-0-0x00000000008E0000-0x000000000093C000-memory.dmp

Filesize
368KB

Download
memory/1664-1-0x000007FEF5C50000-0x000007FEF663C000-memory.dmp

Filesize
9.9MB

Download
memory/1664-2-0x000007FEF5C50000-0x000007FEF663C000-memory.dmp

Filesize
9.9MB

Download