037a1b5e478c511e5dcc090e54198b5e1341c01be850561156a6a40fa34fd647

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
07-08-2024 18:20

Target

037a1b5e478c511e5dcc090e54198b5e1341c01be850561156a6a40fa34fd647.exe
Size

1.2MB
MD5

77e1b3dcd1963c8e0e5cb286b2c4daef
SHA1

3de5bedcf596ddd6e6dbaa80b867a38963aa8ae5
SHA256

037a1b5e478c511e5dcc090e54198b5e1341c01be850561156a6a40fa34fd647
SHA512

86f25c8041a9e36107f2e03e41ad4c4d7abeaf364c4af179c71ef2fbdb3ce694aa870609eb03b3020f9bb4622f7da60c85fd97c93304bf767fcf9e7c7ea0192c
SSDEEP

24576:YwTYpI1ZmuacfqbW+Du55sC/n++JXfdV74AyTlHD:1zZlfGW+6++JXfdV74Amlj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 1884	2516	037a1b5e478c511e5dcc090e54198b5e1341c01be850561156a6a40fa34fd647.exe	31
PID 2516 wrote to memory of 1884	2516	037a1b5e478c511e5dcc090e54198b5e1341c01be850561156a6a40fa34fd647.exe	31
PID 2516 wrote to memory of 1884	2516	037a1b5e478c511e5dcc090e54198b5e1341c01be850561156a6a40fa34fd647.exe	31

C:\Users\Admin\AppData\Local\Temp\037a1b5e478c511e5dcc090e54198b5e1341c01be850561156a6a40fa34fd647.exe
"C:\Users\Admin\AppData\Local\Temp\037a1b5e478c511e5dcc090e54198b5e1341c01be850561156a6a40fa34fd647.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2516 -s 560
  2⤵
  PID:1884

memory/2516-0-0x000007FEF5763000-0x000007FEF5764000-memory.dmp

Filesize
4KB

Download
memory/2516-1-0x0000000000E90000-0x0000000000E9A000-memory.dmp

Filesize
40KB

Download
memory/2516-2-0x000007FEF5763000-0x000007FEF5764000-memory.dmp

Filesize
4KB

Download