41defc4022b9873c0f3744cd420c35860b9c04ad8d003eaf2d65164c087350bb

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05-07-2024 01:38

Target

41defc4022b9873c0f3744cd420c35860b9c04ad8d003eaf2d65164c087350bb.exe
Size

10.0MB
MD5

36e14bebd63c297a1dbbc0903ddcd1c1
SHA1

3db9376ea0ab1f3b259ccdadc0ea1f076ac9a8c9
SHA256

41defc4022b9873c0f3744cd420c35860b9c04ad8d003eaf2d65164c087350bb
SHA512

db000e32d601881556f0d046887a615125f380fa54ca83b27a3f3ed7e8160a37ad132d791c851f212a1973630e3119a56f84ed1b4883d2217e64fb9f7815dd76
SSDEEP

196608:dza0okD/dpV8WVB52ORx+AtWPazQK85ezfG3NqkH+FTPfLa3dx:dzGkD/d7tfZxFtWPaHsNqi+dPfLa3dx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 2692	2620	41defc4022b9873c0f3744cd420c35860b9c04ad8d003eaf2d65164c087350bb.exe	31
PID 2620 wrote to memory of 2692	2620	41defc4022b9873c0f3744cd420c35860b9c04ad8d003eaf2d65164c087350bb.exe	31
PID 2620 wrote to memory of 2692	2620	41defc4022b9873c0f3744cd420c35860b9c04ad8d003eaf2d65164c087350bb.exe	31

C:\Users\Admin\AppData\Local\Temp\41defc4022b9873c0f3744cd420c35860b9c04ad8d003eaf2d65164c087350bb.exe
"C:\Users\Admin\AppData\Local\Temp\41defc4022b9873c0f3744cd420c35860b9c04ad8d003eaf2d65164c087350bb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2620 -s 500
  2⤵
  PID:2692

memory/2620-0-0x000007FEF4FE3000-0x000007FEF4FE4000-memory.dmp

Filesize
4KB

Download
memory/2620-1-0x00000000000F0000-0x0000000000AE8000-memory.dmp

Filesize
10.0MB

Download
memory/2620-2-0x000007FEF4FE3000-0x000007FEF4FE4000-memory.dmp

Filesize
4KB

Download