fdff56df249c4bc04a239f4f7272f2c77e6da10401c91b4944c7fe8fd5376125

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 04:07

Target

fdff56df249c4bc04a239f4f7272f2c77e6da10401c91b4944c7fe8fd5376125.exe
Size

10KB
MD5

f06e69b498d57400af18d83ea89824a1
SHA1

309a8e76eb385246879cb10ddb67d3bb0ec87fed
SHA256

fdff56df249c4bc04a239f4f7272f2c77e6da10401c91b4944c7fe8fd5376125
SHA512

150aba26405b624171f5d5449683706f32bff8c2ee61aeefaffc571681fbcda06e34de28ca9b3a321201b544de530d938bf0185e708a17dbd3657b28b39a8985
SSDEEP

192:mG9PZzfhSyToVT+MEQ0UjQIWKcNSKWUX:99PZzplsZ+MEQ0UgKQSKWU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2568	1924	fdff56df249c4bc04a239f4f7272f2c77e6da10401c91b4944c7fe8fd5376125.exe	28
PID 1924 wrote to memory of 2568	1924	fdff56df249c4bc04a239f4f7272f2c77e6da10401c91b4944c7fe8fd5376125.exe	28
PID 1924 wrote to memory of 2568	1924	fdff56df249c4bc04a239f4f7272f2c77e6da10401c91b4944c7fe8fd5376125.exe	28

C:\Users\Admin\AppData\Local\Temp\fdff56df249c4bc04a239f4f7272f2c77e6da10401c91b4944c7fe8fd5376125.exe
"C:\Users\Admin\AppData\Local\Temp\fdff56df249c4bc04a239f4f7272f2c77e6da10401c91b4944c7fe8fd5376125.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1924 -s 528
  2⤵
  PID:2568

memory/1924-0-0x0000000000910000-0x0000000000918000-memory.dmp

Filesize
32KB

Download
memory/1924-1-0x000007FEF5100000-0x000007FEF5AEC000-memory.dmp

Filesize
9.9MB

Download
memory/1924-2-0x000007FEF5100000-0x000007FEF5AEC000-memory.dmp

Filesize
9.9MB

Download