1fcb8e8f888c389b97afd3ed5f4caf3cb12c4a0658d519f325165066515cc284

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 22:07

Target

7bb79f09ba2f83adae49410ce65fb800N.exe
Size

867KB
MD5

7bb79f09ba2f83adae49410ce65fb800
SHA1

c1a2bebd55eeca061131307aa99bc35559a29ac0
SHA256

1fcb8e8f888c389b97afd3ed5f4caf3cb12c4a0658d519f325165066515cc284
SHA512

e3c4b4b0c76b49bd3b877ec629204f975dc83bc453c3a475a7f01f82801ff4256cf38a8a33431a6ba1735b05dd65a15ef2ae25d8ed0509b7b0c10a74d3bd6ce2
SSDEEP

24576:uh2YBcrQm+2DR7BWYpWUo44kEOKBWppwC:UvOM07VZ5EOa+7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2800	2372	7bb79f09ba2f83adae49410ce65fb800N.exe	30
PID 2372 wrote to memory of 2800	2372	7bb79f09ba2f83adae49410ce65fb800N.exe	30
PID 2372 wrote to memory of 2800	2372	7bb79f09ba2f83adae49410ce65fb800N.exe	30

C:\Users\Admin\AppData\Local\Temp\7bb79f09ba2f83adae49410ce65fb800N.exe
"C:\Users\Admin\AppData\Local\Temp\7bb79f09ba2f83adae49410ce65fb800N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2372 -s 624
  2⤵
  PID:2800

memory/2372-0-0x000007FEF5103000-0x000007FEF5104000-memory.dmp

Filesize
4KB

Download
memory/2372-1-0x0000000001320000-0x00000000013F8000-memory.dmp

Filesize
864KB

Download
memory/2372-2-0x000007FEF5100000-0x000007FEF5AEC000-memory.dmp

Filesize
9.9MB

Download
memory/2372-3-0x000007FEF5103000-0x000007FEF5104000-memory.dmp

Filesize
4KB

Download
memory/2372-4-0x000007FEF5100000-0x000007FEF5AEC000-memory.dmp

Filesize
9.9MB

Download