6dbcc562d627628e45187afbd2421be88797e20e36910393a883e361973da553

Analysis

max time kernel
68s
max time network
16s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
11/06/2024, 17:20

Target

cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Size

85KB
MD5

15cdabcecc4ae0ec3253b1625156b0a7
SHA1

fa1b2c6a2be53578ef278706cdee6f725e00b003
SHA256

6dbcc562d627628e45187afbd2421be88797e20e36910393a883e361973da553
SHA512

c9a1740bf5fed7cbc6d91ab92222b178fe4a8ab2d75dd8f18d827046bab88d7632b0751e953e77e29aaf9a9bf390697e94f23e172cfe034a4263bcf7c7149106
SSDEEP

1536:O3pQ59I3BbbHVlnOXrPBdfeISRAOl801AbcsqD95wSxdRf0:wQHMbb1lnOXrPXe7Yhq5Zs

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2284	1688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe	28
PID 1688 wrote to memory of 2284	1688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe	28
PID 1688 wrote to memory of 2284	1688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe	28

C:\Users\Admin\AppData\Local\Temp\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1688 -s 620
  2⤵
  PID:2284

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Desktop\EnterUnblock.bat" "
1⤵
PID:2852

memory/1688-0-0x000007FEF5553000-0x000007FEF5554000-memory.dmp

Filesize
4KB

Download
memory/1688-1-0x000000013FF40000-0x000000013FF5A000-memory.dmp

Filesize
104KB

Download
memory/1688-2-0x000007FEF5550000-0x000007FEF5F3C000-memory.dmp

Filesize
9.9MB

Download
memory/1688-3-0x000007FEF5550000-0x000007FEF5F3C000-memory.dmp

Filesize
9.9MB

Download
memory/1688-4-0x000007FEF5550000-0x000007FEF5F3C000-memory.dmp

Filesize
9.9MB

Download