5fc5945ebbe324bc36fee47e917c31e5783a2a0e1b50cdcaf30b010bf07821d0

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
06-06-2024 07:29

Target

5fc5945ebbe324bc36fee47e917c31e5783a2a0e1b50cdcaf30b010bf07821d0.exe
Size

6KB
MD5

b41a31757fac30f21a4ddd7920f76112
SHA1

086d000eb9b3a86cfa62d8409c02037508c33f40
SHA256

5fc5945ebbe324bc36fee47e917c31e5783a2a0e1b50cdcaf30b010bf07821d0
SHA512

5eb1fa48d02eaaf09382fc22e19c85f9dcb6b05499d959827456a0bfb665a29c3169dd2770905a1308caa8b3f7d04dc695f5daf4b3d331cfa383f1aab563d926
SSDEEP

48:SEbt0S4FVgCp471Ib4Fc/38+N7DYocHa23WlTpebVetFygFI5a2oxdVoZiG/9u+O:p0mIGnFc/38+N4ZHJWSY9FI5Wqfx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 884	2420	5fc5945ebbe324bc36fee47e917c31e5783a2a0e1b50cdcaf30b010bf07821d0.exe	28
PID 2420 wrote to memory of 884	2420	5fc5945ebbe324bc36fee47e917c31e5783a2a0e1b50cdcaf30b010bf07821d0.exe	28
PID 2420 wrote to memory of 884	2420	5fc5945ebbe324bc36fee47e917c31e5783a2a0e1b50cdcaf30b010bf07821d0.exe	28

C:\Users\Admin\AppData\Local\Temp\5fc5945ebbe324bc36fee47e917c31e5783a2a0e1b50cdcaf30b010bf07821d0.exe
"C:\Users\Admin\AppData\Local\Temp\5fc5945ebbe324bc36fee47e917c31e5783a2a0e1b50cdcaf30b010bf07821d0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2420 -s 32
  2⤵
  PID:884