70373d95033e55b09873814bf3e698628d1dfda12b35ce2940ebaaed5b781418

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 07:35

Target

file.exe
Size

712KB
MD5

848c065c0f1c57ffb9a5331d4e863fe3
SHA1

dee8cd814f722c99f6729a0b4156acd8d457c366
SHA256

70373d95033e55b09873814bf3e698628d1dfda12b35ce2940ebaaed5b781418
SHA512

7634deaa90fc069004b7210fe02e48e0bd55c9550c4c73388f11ffa9fb6cbbdbb7a43c83cc16b13a49ba028e6480472298520971462aac93cb4c2980e8392a7a
SSDEEP

12288:PHGosfgavoLI/kfhC9RcnXih+3V+YJ4H/wfRYUfxqNDXD1Wg:PwfdTqs2XiAV7J4HQ5qNDT0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 2612	1028	file.exe	28
PID 1028 wrote to memory of 2612	1028	file.exe	28
PID 1028 wrote to memory of 2612	1028	file.exe	28

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1028 -s 644
  2⤵
  PID:2612

memory/1028-0-0x000007FEF5623000-0x000007FEF5624000-memory.dmp

Filesize
4KB

Download
memory/1028-1-0x000000013F6D0000-0x000000013F786000-memory.dmp

Filesize
728KB

Download
memory/1028-2-0x000007FEF5620000-0x000007FEF600C000-memory.dmp

Filesize
9.9MB

Download
memory/1028-3-0x0000000000910000-0x000000000092C000-memory.dmp

Filesize
112KB

Download
memory/1028-4-0x0000000000560000-0x0000000000574000-memory.dmp

Filesize
80KB

Download
memory/1028-5-0x00000000023D0000-0x000000000245A000-memory.dmp

Filesize
552KB

Download
memory/1028-6-0x000007FEF5623000-0x000007FEF5624000-memory.dmp

Filesize
4KB

Download
memory/1028-7-0x000007FEF5620000-0x000007FEF600C000-memory.dmp

Filesize
9.9MB

Download