ddb496d55e34777535cac7e12ec09bfbc5193b4df8a4eb3b270aed88d9a6e2bd

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/04/2024, 19:17

Target

ddb496d55e34777535cac7e12ec09bfbc5193b4df8a4eb3b270aed88d9a6e2bd.exe
Size

6KB
MD5

7abe320fb41da24362aa51b6a4b1aaf5
SHA1

dc781089da1a3d92ae90fe1f964ff622478b9cc9
SHA256

ddb496d55e34777535cac7e12ec09bfbc5193b4df8a4eb3b270aed88d9a6e2bd
SHA512

361a5a548dab010f0a58e2230278e435e6f4a09fd48f8db1ba6a3004490aaeca1eb81cbe4dea0bee0a5cf05a21e21fda22943fb45613d08a85aeb53a9cbadd4e
SSDEEP

48:S5nbt0S4FVgCp471Ib4Fc/38+N7DYocHa23WlTpebVetFygFI5a2oxdVoZiG/9uW:wb0mIGnFc/38+N4ZHJWSY9FI5Wqwx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 1412	1640	ddb496d55e34777535cac7e12ec09bfbc5193b4df8a4eb3b270aed88d9a6e2bd.exe	28
PID 1640 wrote to memory of 1412	1640	ddb496d55e34777535cac7e12ec09bfbc5193b4df8a4eb3b270aed88d9a6e2bd.exe	28
PID 1640 wrote to memory of 1412	1640	ddb496d55e34777535cac7e12ec09bfbc5193b4df8a4eb3b270aed88d9a6e2bd.exe	28

C:\Users\Admin\AppData\Local\Temp\ddb496d55e34777535cac7e12ec09bfbc5193b4df8a4eb3b270aed88d9a6e2bd.exe
"C:\Users\Admin\AppData\Local\Temp\ddb496d55e34777535cac7e12ec09bfbc5193b4df8a4eb3b270aed88d9a6e2bd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1640 -s 32
  2⤵
  PID:1412