ece75d080f94df4b3699389021337b1536cfed229d1325f09b03f0b0d6d85ab4

Analysis

max time kernel
0s
max time network
1s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 09:44

Target

cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Size

86KB
MD5

d213a75b1956398e4c36bcc2f93339bf
SHA1

6a2739cc0e67f5593c744fbcbc8f00f12eef9954
SHA256

ece75d080f94df4b3699389021337b1536cfed229d1325f09b03f0b0d6d85ab4
SHA512

d32ddaf4c6f8f8df6c390d683e6c039f3b0d8f35f68f690b28bf88b17caedf0e11abd3aeb2e46238d0cd0a91b2db095cca0782b4e27f04453ea4cb6db38f4dd7
SSDEEP

1536:LoreNTh3K49I3BbbHVlnOXrPBdfeISRAOl801AbcsqD95wSxdRf1:LoQTh6EMbb1lnOXrPXe7Yhq5Z9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2656	2368	cd57e4c171d6e8f5ea8b8f824a6a7316.exe	28
PID 2368 wrote to memory of 2656	2368	cd57e4c171d6e8f5ea8b8f824a6a7316.exe	28
PID 2368 wrote to memory of 2656	2368	cd57e4c171d6e8f5ea8b8f824a6a7316.exe	28

C:\Users\Admin\AppData\Local\Temp\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2368 -s 620
  2⤵
  PID:2656

memory/2368-0-0x000007FEF5593000-0x000007FEF5594000-memory.dmp

Filesize
4KB

Download
memory/2368-1-0x000000013F3B0000-0x000000013F3CA000-memory.dmp

Filesize
104KB

Download
memory/2368-2-0x000007FEF5590000-0x000007FEF5F7C000-memory.dmp

Filesize
9.9MB

Download