aa46a10b5392afadabb645417e88a32a95a82796b4b9517ea983ee589ed78ab6

Analysis

max time kernel
18s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
06-08-2024 10:01

Target

aa46a10b5392afadabb645417e88a32a95a82796b4b9517ea983ee589ed78ab6.exe
Size

1.5MB
MD5

15d9dc56b9a997471275fb1281048971
SHA1

8cc0fcec88880863806a689529a23e530167bed6
SHA256

aa46a10b5392afadabb645417e88a32a95a82796b4b9517ea983ee589ed78ab6
SHA512

e9b80928c969568fbfc03392e1859b36f1eb64e79975b8881170c9eb4c59d2b080ad715b7938bdfd617d9c833413064dd329d5e128aafdd2ffd18b162f17f781
SSDEEP

24576:n37gywC0vAr0GWnb/qKoBLgSeUs0UcRVjb+1K0XtA:376vtnlYs0Za1Kt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 1596	1984	aa46a10b5392afadabb645417e88a32a95a82796b4b9517ea983ee589ed78ab6.exe	30
PID 1984 wrote to memory of 1596	1984	aa46a10b5392afadabb645417e88a32a95a82796b4b9517ea983ee589ed78ab6.exe	30
PID 1984 wrote to memory of 1596	1984	aa46a10b5392afadabb645417e88a32a95a82796b4b9517ea983ee589ed78ab6.exe	30

C:\Users\Admin\AppData\Local\Temp\aa46a10b5392afadabb645417e88a32a95a82796b4b9517ea983ee589ed78ab6.exe
"C:\Users\Admin\AppData\Local\Temp\aa46a10b5392afadabb645417e88a32a95a82796b4b9517ea983ee589ed78ab6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1984 -s 252
  2⤵
  PID:1596