3bd620605043e8f1a9c2801c5b56ad63128e759ae6d13edea3a3bf6478120d48

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:07

Target

3bd620605043e8f1a9c2801c5b56ad63128e759ae6d13edea3a3bf6478120d48.exe
Size

219KB
MD5

233dc241c884cda57cd4c7bda27f9b60
SHA1

d86a417ae919d41070d32ecdc9ab61ff58fa6098
SHA256

3bd620605043e8f1a9c2801c5b56ad63128e759ae6d13edea3a3bf6478120d48
SHA512

cc1bc9fa32781f6ac6d0629dc83a6dad271ab6aa8d81d27ab9fa325740fc412d2dff16929ebad84f19cbff8e38d39684c398ab918f374ba1645679e0e8a89d75
SSDEEP

6144:tG69ZXtGokMjFCEFt2ikjnUgWIH5Qg1Q9dW+uWSfm6:tGGv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

3bd620605043e8f1a9c2801c5b56ad63128e759ae6d13edea3a3bf6478120d48.exe

description	pid	process	target process
PID 3008 wrote to memory of 2888	3008	3bd620605043e8f1a9c2801c5b56ad63128e759ae6d13edea3a3bf6478120d48.exe	WerFault.exe
PID 3008 wrote to memory of 2888	3008	3bd620605043e8f1a9c2801c5b56ad63128e759ae6d13edea3a3bf6478120d48.exe	WerFault.exe
PID 3008 wrote to memory of 2888	3008	3bd620605043e8f1a9c2801c5b56ad63128e759ae6d13edea3a3bf6478120d48.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\3bd620605043e8f1a9c2801c5b56ad63128e759ae6d13edea3a3bf6478120d48.exe
"C:\Users\Admin\AppData\Local\Temp\3bd620605043e8f1a9c2801c5b56ad63128e759ae6d13edea3a3bf6478120d48.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3008 -s 604
  2⤵
  PID:2888

memory/3008-0-0x000007FEF5373000-0x000007FEF5374000-memory.dmp

Filesize
4KB

Download
memory/3008-1-0x0000000000910000-0x000000000094C000-memory.dmp

Filesize
240KB

Download
memory/3008-2-0x000007FEF5370000-0x000007FEF5D5C000-memory.dmp

Filesize
9.9MB

Download
memory/3008-3-0x000007FEF5373000-0x000007FEF5374000-memory.dmp

Filesize
4KB

Download