76d0cfa8b3a7ead016481deffe18da697a701cd97905bf4b998815525757de8b

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 03:34

Target

c79574b677ae4d00b67b0f1039edf8f3.exe
Size

6KB
MD5

c79574b677ae4d00b67b0f1039edf8f3
SHA1

2f8c57fbdf973a39261a8fe488664554d265111b
SHA256

76d0cfa8b3a7ead016481deffe18da697a701cd97905bf4b998815525757de8b
SHA512

e9e2c971942c3ffc7833347f35734aefb2c482add4c919f89e04628c75fc6faad18b23805cdabce88f2d0483ec84532174ecfd820f8583a159f4ea419c0a6e58
SSDEEP

96:lAczjRaJCs8k6D5UliR9xtQr+LQLmr5duDWLe1gbpzNt:/jA01k6qMLxtk+L1XhL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2560	2956	c79574b677ae4d00b67b0f1039edf8f3.exe	29
PID 2956 wrote to memory of 2560	2956	c79574b677ae4d00b67b0f1039edf8f3.exe	29
PID 2956 wrote to memory of 2560	2956	c79574b677ae4d00b67b0f1039edf8f3.exe	29

C:\Users\Admin\AppData\Local\Temp\c79574b677ae4d00b67b0f1039edf8f3.exe
"C:\Users\Admin\AppData\Local\Temp\c79574b677ae4d00b67b0f1039edf8f3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2956 -s 616
  2⤵
  PID:2560

memory/2956-0-0x0000000000D10000-0x0000000000D18000-memory.dmp

Filesize
32KB

Download
memory/2956-1-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2956-2-0x000000001B340000-0x000000001B3C0000-memory.dmp

Filesize
512KB

Download
memory/2956-3-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2956-4-0x000000001B340000-0x000000001B3C0000-memory.dmp

Filesize
512KB

Download