06556165b19bfbe542e81296846c8d38ad3552b5252ada8a8a53fa73a8b26495

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 14:24

Target

06556165b19bfbe542e81296846c8d38ad3552b5252ada8a8a53fa73a8b26495.exe
Size

1.3MB
MD5

8a0cdfa2bca429be49328d142df81c3d
SHA1

559120996cb276d2b59a841c66a715f71b081a0c
SHA256

06556165b19bfbe542e81296846c8d38ad3552b5252ada8a8a53fa73a8b26495
SHA512

bc865ea0277dfcbe063287b1525f2348323900497be4e534e9f3cdc9c5974ef786a656b9c072da11e0a7484d61947c8e651bd640f9b8c7328466b1dfaf203e9e
SSDEEP

24576:XunZiVhuYIHoXqcHctS7jMD/3T7yaKDSVXT5X:KZguYmoXd8QMv71fXT5X

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

06556165b19bfbe542e81296846c8d38ad3552b5252ada8a8a53fa73a8b26495.exe

description	pid	process	target process
PID 1760 wrote to memory of 2760	1760	06556165b19bfbe542e81296846c8d38ad3552b5252ada8a8a53fa73a8b26495.exe	WerFault.exe
PID 1760 wrote to memory of 2760	1760	06556165b19bfbe542e81296846c8d38ad3552b5252ada8a8a53fa73a8b26495.exe	WerFault.exe
PID 1760 wrote to memory of 2760	1760	06556165b19bfbe542e81296846c8d38ad3552b5252ada8a8a53fa73a8b26495.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\06556165b19bfbe542e81296846c8d38ad3552b5252ada8a8a53fa73a8b26495.exe
"C:\Users\Admin\AppData\Local\Temp\06556165b19bfbe542e81296846c8d38ad3552b5252ada8a8a53fa73a8b26495.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1760 -s 144
  2⤵
  PID:2760