93c442bbf0a5a829800e5391aedd2ec8f370d9a64fd34ef4be13435ac8a3187a

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 09:04

Target

93c442bbf0a5a829800e5391aedd2ec8f370d9a64fd34ef4be13435ac8a3187a.exe
Size

51KB
MD5

0c18dd8d93de8899666aefae53bf0daf
SHA1

c602ecc31b7674e8c8a610917071fb078934be47
SHA256

93c442bbf0a5a829800e5391aedd2ec8f370d9a64fd34ef4be13435ac8a3187a
SHA512

c9fd951b102034ebb0914a619bf579eb44d735ee94e7ef37df6baad258abc87d57734efb34355aa4ec3ac7c734f0c55d6a83a5e86eeb5f1d3f29fcb6fd602cab
SSDEEP

768:pJkFtOFBxt3AexmFyRXZLcUmdf7WDyBDXMKFzNlWqX:p6FtOFBZmFMXZLhef7WDQDXM4znWqX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 1788	624	93c442bbf0a5a829800e5391aedd2ec8f370d9a64fd34ef4be13435ac8a3187a.exe	28
PID 624 wrote to memory of 1788	624	93c442bbf0a5a829800e5391aedd2ec8f370d9a64fd34ef4be13435ac8a3187a.exe	28
PID 624 wrote to memory of 1788	624	93c442bbf0a5a829800e5391aedd2ec8f370d9a64fd34ef4be13435ac8a3187a.exe	28

C:\Users\Admin\AppData\Local\Temp\93c442bbf0a5a829800e5391aedd2ec8f370d9a64fd34ef4be13435ac8a3187a.exe
"C:\Users\Admin\AppData\Local\Temp\93c442bbf0a5a829800e5391aedd2ec8f370d9a64fd34ef4be13435ac8a3187a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:624
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 624 -s 604
  2⤵
  PID:1788

memory/624-0-0x0000000000080000-0x0000000000094000-memory.dmp

Filesize
80KB

Download
memory/624-1-0x000007FEF5630000-0x000007FEF601C000-memory.dmp

Filesize
9.9MB

Download
memory/624-2-0x000000001AF10000-0x000000001AF90000-memory.dmp

Filesize
512KB

Download
memory/624-3-0x000007FEF5630000-0x000007FEF601C000-memory.dmp

Filesize
9.9MB

Download
memory/624-4-0x000000001AF10000-0x000000001AF90000-memory.dmp

Filesize
512KB

Download