dc7ce445a16a5be4f01a821593f84a179bed30c0005c43476aebeb501425c9df

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-06-2024 04:13

Target

dc7ce445a16a5be4f01a821593f84a179bed30c0005c43476aebeb501425c9df.exe
Size

470KB
MD5

78416e2398acbe004e7fdb9c6bd92690
SHA1

aa9071ab9323812691d99231ea0e53f843285719
SHA256

dc7ce445a16a5be4f01a821593f84a179bed30c0005c43476aebeb501425c9df
SHA512

7cf5a1e2b688e2117cbe93f3aa18fcd36ef9c8e7493972ecf14861e95b65ccb904d4cb86081a8f4abae2bbe38e3b22cc30da081b830f301fecfc3f9a6d77cb72
SSDEEP

12288:nYW3bIoOKbRXJG8R+UQjrg/iz2bEEvXebL1I:nYW3b2Kb7ArZAvXebJI

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

dc7ce445a16a5be4f01a821593f84a179bed30c0005c43476aebeb501425c9df.exe

description	pid	process	target process
PID 2880 wrote to memory of 2072	2880	dc7ce445a16a5be4f01a821593f84a179bed30c0005c43476aebeb501425c9df.exe	WerFault.exe
PID 2880 wrote to memory of 2072	2880	dc7ce445a16a5be4f01a821593f84a179bed30c0005c43476aebeb501425c9df.exe	WerFault.exe
PID 2880 wrote to memory of 2072	2880	dc7ce445a16a5be4f01a821593f84a179bed30c0005c43476aebeb501425c9df.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\dc7ce445a16a5be4f01a821593f84a179bed30c0005c43476aebeb501425c9df.exe
"C:\Users\Admin\AppData\Local\Temp\dc7ce445a16a5be4f01a821593f84a179bed30c0005c43476aebeb501425c9df.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2880

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2880 -s 504
2⤵
PID:2072

memory/2880-0-0x000007FEF5DD3000-0x000007FEF5DD4000-memory.dmp

Filesize
4KB

Download
memory/2880-1-0x00000000010F0000-0x000000000116C000-memory.dmp

Filesize
496KB

Download
memory/2880-2-0x000007FEF5DD3000-0x000007FEF5DD4000-memory.dmp

Filesize
4KB

Download