98a5c7ad2c40a682e6d571234ddd565327f535413e4eee13b8cccec2750d9138

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:38

Target

98a5c7ad2c40a682e6d571234ddd565327f535413e4eee13b8cccec2750d9138.exe
Size

6KB
MD5

261bb52a5eda4ec07c2305ca0940b9ff
SHA1

c376cecc7e80946cd30293e4e14b73754d746dee
SHA256

98a5c7ad2c40a682e6d571234ddd565327f535413e4eee13b8cccec2750d9138
SHA512

116b7e8059b38cdc42b3899ad8c67ed0f1077f8ca968720d535926b916efdc2ef3b33443a89cc251738cdabe9792bde2a50492019fb5995491e034e7ec8f72d7
SSDEEP

48:Spbt0S4FVgCp471Ib4Fc/38+N7DYocHa23WlTpebVetFygFI5a2oxdVoZiG/9uNO:M0mIGnFc/38+N4ZHJWSY9FI5WqOx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

98a5c7ad2c40a682e6d571234ddd565327f535413e4eee13b8cccec2750d9138.exe

description	pid	process	target process
PID 3012 wrote to memory of 3024	3012	98a5c7ad2c40a682e6d571234ddd565327f535413e4eee13b8cccec2750d9138.exe	WerFault.exe
PID 3012 wrote to memory of 3024	3012	98a5c7ad2c40a682e6d571234ddd565327f535413e4eee13b8cccec2750d9138.exe	WerFault.exe
PID 3012 wrote to memory of 3024	3012	98a5c7ad2c40a682e6d571234ddd565327f535413e4eee13b8cccec2750d9138.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\98a5c7ad2c40a682e6d571234ddd565327f535413e4eee13b8cccec2750d9138.exe
"C:\Users\Admin\AppData\Local\Temp\98a5c7ad2c40a682e6d571234ddd565327f535413e4eee13b8cccec2750d9138.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3012 -s 32
  2⤵
  PID:3024