02732d1fada18e2143af076eae57f81b01731c3833e3f0795340b8a32219b831

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 18:11

Target

02732d1fada18e2143af076eae57f81b01731c3833e3f0795340b8a32219b831.exe
Size

1.4MB
MD5

436d9fef2894ab8a81e77aef4718c682
SHA1

41ee2e71adaf001889e668dbbfacb501e4d2746b
SHA256

02732d1fada18e2143af076eae57f81b01731c3833e3f0795340b8a32219b831
SHA512

5caa01bd1b90a72a2cba6de3c6b8b2dca83b01dec2e5ff289bbc2324ce6337be7b7dc8f69b3f626cf219e9777b505b109745c6828602a641fafab5851a665a2c
SSDEEP

24576:vIg0EQeg04HqwuWud+jl1fHTwmgea5KMIg0EQeg04HqwuWud+jl1fHTwmgea5K:vyeg0UpuWudIzwPe9Myeg0UpuWudIzwM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 1888	2696	02732d1fada18e2143af076eae57f81b01731c3833e3f0795340b8a32219b831.exe	28
PID 2696 wrote to memory of 1888	2696	02732d1fada18e2143af076eae57f81b01731c3833e3f0795340b8a32219b831.exe	28
PID 2696 wrote to memory of 1888	2696	02732d1fada18e2143af076eae57f81b01731c3833e3f0795340b8a32219b831.exe	28

C:\Users\Admin\AppData\Local\Temp\02732d1fada18e2143af076eae57f81b01731c3833e3f0795340b8a32219b831.exe
"C:\Users\Admin\AppData\Local\Temp\02732d1fada18e2143af076eae57f81b01731c3833e3f0795340b8a32219b831.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2696 -s 504
  2⤵
  PID:1888

memory/2696-0-0x000007FEF5F83000-0x000007FEF5F84000-memory.dmp

Filesize
4KB

Download
memory/2696-1-0x0000000000D40000-0x0000000000EAA000-memory.dmp

Filesize
1.4MB

Download
memory/2696-2-0x000007FEF5F83000-0x000007FEF5F84000-memory.dmp

Filesize
4KB

Download