d264cd0f364ff0047dfc8aa7e89bca442467042c6850f9a9fb1431596049b266

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 03:12

Target

d264cd0f364ff0047dfc8aa7e89bca442467042c6850f9a9fb1431596049b266.exe
Size

8KB
MD5

8cef464a8866b4e477ac0f9a4becddad
SHA1

1f2e9aafe712d71373e18ec4c7660314f0eedac4
SHA256

d264cd0f364ff0047dfc8aa7e89bca442467042c6850f9a9fb1431596049b266
SHA512

0b1b964f1ed9ed9132f189c4e3a34c76d7340d20abf65e9eb8c4f9ecb4847d1cb7494dcc1de39b0a91a338996a19202a4103a5fab051349c24d5e10ff1386b48
SSDEEP

96:iQ4lBJBhEN+SbgSAxTFdwgCsZiciXS4byVxTAubdfQPXA8M4BzjV8QO8oszNt:jg+CicAyVxJdY9djLJoW

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2968	2776	d264cd0f364ff0047dfc8aa7e89bca442467042c6850f9a9fb1431596049b266.exe	28
PID 2776 wrote to memory of 2968	2776	d264cd0f364ff0047dfc8aa7e89bca442467042c6850f9a9fb1431596049b266.exe	28
PID 2776 wrote to memory of 2968	2776	d264cd0f364ff0047dfc8aa7e89bca442467042c6850f9a9fb1431596049b266.exe	28

C:\Users\Admin\AppData\Local\Temp\d264cd0f364ff0047dfc8aa7e89bca442467042c6850f9a9fb1431596049b266.exe
"C:\Users\Admin\AppData\Local\Temp\d264cd0f364ff0047dfc8aa7e89bca442467042c6850f9a9fb1431596049b266.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2776 -s 520
  2⤵
  PID:2968

memory/2776-0-0x0000000000B30000-0x0000000000B38000-memory.dmp

Filesize
32KB

Download
memory/2776-1-0x000007FEF5C40000-0x000007FEF662C000-memory.dmp

Filesize
9.9MB

Download
memory/2776-2-0x000007FEF5C40000-0x000007FEF662C000-memory.dmp

Filesize
9.9MB

Download