4e67f87bd0bd404dd5abdf4e40036fadc8f1df690a71067b6bf2a858b82b0df7

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 07:07

Target

4e67f87bd0bd404dd5abdf4e40036fadc8f1df690a71067b6bf2a858b82b0df7.exe
Size

6KB
MD5

8c1f9e1d6b6e892fc2d63ee12802e577
SHA1

bb86560f38e5de57be5390e5b3cb59c39943bce9
SHA256

4e67f87bd0bd404dd5abdf4e40036fadc8f1df690a71067b6bf2a858b82b0df7
SHA512

ee38d40e53ab9d41ead317fafc8022aea9f9466c1f57e7a9cfec45f5b1263a3aa2f4fbc813c3065ee1d2890c6c8760bf7f0d13732cd23f8dbb3202ae4ec1b48a
SSDEEP

48:Sqbt0S4FVgCp471Ib4Fc/38+N7DYocHa23WlTpebVetFygFI5a2oxdVoZiG/9uHO:b0mIGnFc/38+N4ZHJWSY9FI5WqYx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1340	1704	4e67f87bd0bd404dd5abdf4e40036fadc8f1df690a71067b6bf2a858b82b0df7.exe	28
PID 1704 wrote to memory of 1340	1704	4e67f87bd0bd404dd5abdf4e40036fadc8f1df690a71067b6bf2a858b82b0df7.exe	28
PID 1704 wrote to memory of 1340	1704	4e67f87bd0bd404dd5abdf4e40036fadc8f1df690a71067b6bf2a858b82b0df7.exe	28

C:\Users\Admin\AppData\Local\Temp\4e67f87bd0bd404dd5abdf4e40036fadc8f1df690a71067b6bf2a858b82b0df7.exe
"C:\Users\Admin\AppData\Local\Temp\4e67f87bd0bd404dd5abdf4e40036fadc8f1df690a71067b6bf2a858b82b0df7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1704 -s 32
  2⤵
  PID:1340