5d039f4368f88a2299be91303c03143e340f700f1fc8aa0a8cdbfbc5a193c6be

Analysis

max time kernel
131s
max time network
134s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 11:13

Target

5d039f4368f88a2299be91303c03143e340f700f1fc8aa0a8cdbfbc5a193c6be.exe
Size

707KB
MD5

f3a2357ae9e0de9aef94b2f74e7a16f6
SHA1

39a466a10658b05109187294f195c5db1cabb065
SHA256

5d039f4368f88a2299be91303c03143e340f700f1fc8aa0a8cdbfbc5a193c6be
SHA512

41a49d5a30e4364690611fc14c5ef731122f2046c6ebc0f93e7990731f5f01411994227ecbc5ab07a71ebea9b0acc045f07279ec1def881590297b6f2d1d7a32
SSDEEP

12288:UllDmoaL11nL8U46v6YQZcD9S6Y2/9kxEZbPw0DueNXDYnDREop3Mcx:2lYLJ9S6Y2/KxEZzuZDeq3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 2020	1632	5d039f4368f88a2299be91303c03143e340f700f1fc8aa0a8cdbfbc5a193c6be.exe	30
PID 1632 wrote to memory of 2020	1632	5d039f4368f88a2299be91303c03143e340f700f1fc8aa0a8cdbfbc5a193c6be.exe	30
PID 1632 wrote to memory of 2020	1632	5d039f4368f88a2299be91303c03143e340f700f1fc8aa0a8cdbfbc5a193c6be.exe	30

C:\Users\Admin\AppData\Local\Temp\5d039f4368f88a2299be91303c03143e340f700f1fc8aa0a8cdbfbc5a193c6be.exe
"C:\Users\Admin\AppData\Local\Temp\5d039f4368f88a2299be91303c03143e340f700f1fc8aa0a8cdbfbc5a193c6be.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1632 -s 188
  2⤵
  PID:2020