a7579fcab9fa4d4e9ce850de7ce782384b2343eef082df0d9545c139566f2569

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 10:57

Target

a7579fcab9fa4d4e9ce850de7ce782384b2343eef082df0d9545c139566f2569.exe
Size

67KB
MD5

146b6759e439f6055fd9ef358b8f40b1
SHA1

e0a7d0098c1945b5e8085c4807f8e9ac6dc25ca2
SHA256

a7579fcab9fa4d4e9ce850de7ce782384b2343eef082df0d9545c139566f2569
SHA512

6214cb648998aa75db11885c7c5fc23f20044db57aa97d58751ac6963ca547a2883ad2daad6a931622925bada8d3ab83901d5c1bfb5c2e5cdc2a8223d60c4965
SSDEEP

768:jHkdsxTg+rrAmIbKY/8XFwIXrqzfNm7e0wNBCp/b4SLKN7y:LkdYg+r9IbKa42Ibilm7nwbK/bGN7y

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2576	2292	a7579fcab9fa4d4e9ce850de7ce782384b2343eef082df0d9545c139566f2569.exe	28
PID 2292 wrote to memory of 2576	2292	a7579fcab9fa4d4e9ce850de7ce782384b2343eef082df0d9545c139566f2569.exe	28
PID 2292 wrote to memory of 2576	2292	a7579fcab9fa4d4e9ce850de7ce782384b2343eef082df0d9545c139566f2569.exe	28

C:\Users\Admin\AppData\Local\Temp\a7579fcab9fa4d4e9ce850de7ce782384b2343eef082df0d9545c139566f2569.exe
"C:\Users\Admin\AppData\Local\Temp\a7579fcab9fa4d4e9ce850de7ce782384b2343eef082df0d9545c139566f2569.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2292 -s 612
  2⤵
  PID:2576

memory/2292-0-0x00000000008F0000-0x0000000000908000-memory.dmp

Filesize
96KB

Download
memory/2292-1-0x000007FEF5630000-0x000007FEF601C000-memory.dmp

Filesize
9.9MB

Download
memory/2292-2-0x0000000001FD0000-0x0000000002050000-memory.dmp

Filesize
512KB

Download
memory/2292-3-0x000007FEF5630000-0x000007FEF601C000-memory.dmp

Filesize
9.9MB

Download