1429363a609282393015df73bb88aea33d19637a0abb82982d1050e56e1b4481

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-04-2024 12:58

Target

INV0029382.exe
Size

997KB
MD5

c72150696ac13ac1a2dc8b492c0d5ca3
SHA1

ff72cd015ebfe11c15f331122103fb78c5ad118c
SHA256

1429363a609282393015df73bb88aea33d19637a0abb82982d1050e56e1b4481
SHA512

505dd2c31c2f4e08330239d1a7c4357df8fd1c8aa66a50b5a4e91162b7c800caefb56eef69aa6c66955382a91fcb2997f269eaf280826e647a9491a2f9741c1f
SSDEEP

24576:gsP3GbkmtYXd/f9j91ir4hpKyO7YL3qiA8b2ab6WzXQ9DwYE:gf2Xrj9Qru/kaqFabBQ9sb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

INV0029382.exe

description	pid	process	target process
PID 2944 wrote to memory of 272	2944	INV0029382.exe	WerFault.exe
PID 2944 wrote to memory of 272	2944	INV0029382.exe	WerFault.exe
PID 2944 wrote to memory of 272	2944	INV0029382.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\INV0029382.exe
"C:\Users\Admin\AppData\Local\Temp\INV0029382.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2944

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2944 -s 580
2⤵
PID:272

memory/2944-0-0x0000000000140000-0x00000000001AC000-memory.dmp

Filesize
432KB

Download
memory/2944-1-0x000007FEF54B0000-0x000007FEF5E9C000-memory.dmp

Filesize
9.9MB

Download
memory/2944-2-0x000000001B000000-0x000000001B080000-memory.dmp

Filesize
512KB

Download
memory/2944-3-0x000007FEF54B0000-0x000007FEF5E9C000-memory.dmp

Filesize
9.9MB

Download
memory/2944-4-0x000000001B000000-0x000000001B080000-memory.dmp

Filesize
512KB

Download