9692052eb895f4ecba3efdd6c8013571dd2a6ab605ac65db18d68fccf14023cb

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 14:18

Target

9692052eb895f4ecba3efdd6c8013571dd2a6ab605ac65db18d68fccf14023cb.exe
Size

1.1MB
MD5

4f7c84902a73a32634b813e67e62991b
SHA1

fad5fed59b95d4fa19ed36bed612f70e57fa126b
SHA256

9692052eb895f4ecba3efdd6c8013571dd2a6ab605ac65db18d68fccf14023cb
SHA512

dfa715ba8f50772db56ae98d4622ca4e376da8f1764c78283e79572b05e0f9576535f052dbff9d2b906e4d5ee373c32bd9ca7ba3a9ead21144a324d9ea36f835
SSDEEP

24576:w2UlQci3khFwLhaOUYo8N3ZbXBFO5ZDSiTbJ7:WGfaw1aOU/orFO5tV7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

9692052eb895f4ecba3efdd6c8013571dd2a6ab605ac65db18d68fccf14023cb.exe

description	pid	process	target process
PID 2964 wrote to memory of 2136	2964	9692052eb895f4ecba3efdd6c8013571dd2a6ab605ac65db18d68fccf14023cb.exe	WerFault.exe
PID 2964 wrote to memory of 2136	2964	9692052eb895f4ecba3efdd6c8013571dd2a6ab605ac65db18d68fccf14023cb.exe	WerFault.exe
PID 2964 wrote to memory of 2136	2964	9692052eb895f4ecba3efdd6c8013571dd2a6ab605ac65db18d68fccf14023cb.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\9692052eb895f4ecba3efdd6c8013571dd2a6ab605ac65db18d68fccf14023cb.exe
"C:\Users\Admin\AppData\Local\Temp\9692052eb895f4ecba3efdd6c8013571dd2a6ab605ac65db18d68fccf14023cb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2964 -s 144
  2⤵
  PID:2136