f912935a2936ff15d6458b877c4041a556d117b8b953d6aa6fecb04f6162ba39

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 06:46

Target

f912935a2936ff15d6458b877c4041a556d117b8b953d6aa6fecb04f6162ba39.exe
Size

2.7MB
MD5

57d11c4b1bac832f1e6ea4d61393ad23
SHA1

46739d4024fb5141f877dbd9d13696791584036b
SHA256

f912935a2936ff15d6458b877c4041a556d117b8b953d6aa6fecb04f6162ba39
SHA512

d3d0ec7237aff90e8ea50004f791b6e9ff421a4a8d8017a0eff322b61bf23b711a2144d76dee76ebe1ea029a209fb988925bb66f46f6556a136440f9aa49694a
SSDEEP

49152:YT+n5T+nAT+nOT+nGZLl9AK8mHyx55LQQ95wUwm+tmCZ/zGAZdTfn:FnQn9nHnGSNZx550Q93DAmA5Zdn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 2560	2600	f912935a2936ff15d6458b877c4041a556d117b8b953d6aa6fecb04f6162ba39.exe	27
PID 2600 wrote to memory of 2560	2600	f912935a2936ff15d6458b877c4041a556d117b8b953d6aa6fecb04f6162ba39.exe	27
PID 2600 wrote to memory of 2560	2600	f912935a2936ff15d6458b877c4041a556d117b8b953d6aa6fecb04f6162ba39.exe	27

C:\Users\Admin\AppData\Local\Temp\f912935a2936ff15d6458b877c4041a556d117b8b953d6aa6fecb04f6162ba39.exe
"C:\Users\Admin\AppData\Local\Temp\f912935a2936ff15d6458b877c4041a556d117b8b953d6aa6fecb04f6162ba39.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2600 -s 532
  2⤵
  PID:2560

memory/2600-0-0x0000000001160000-0x0000000001410000-memory.dmp

Filesize
2.7MB

Download
memory/2600-1-0x000007FEF5470000-0x000007FEF5E5C000-memory.dmp

Filesize
9.9MB

Download
memory/2600-2-0x000007FEF5470000-0x000007FEF5E5C000-memory.dmp

Filesize
9.9MB

Download