420f8b19c682c6ac717db9bcc36214ea391375c2e14847b7f8288f3524d1d4a2

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 07:18

Target

420f8b19c682c6ac717db9bcc36214ea391375c2e14847b7f8288f3524d1d4a2.exe
Size

6KB
MD5

e9321fcc608116eea874effc9b21c84d
SHA1

50a348d4e8f89820d2a4e4ddca9f5bdf94d74459
SHA256

420f8b19c682c6ac717db9bcc36214ea391375c2e14847b7f8288f3524d1d4a2
SHA512

95b7cca9a5954eb346bf68c5f2e6d721c66a9431090f6e27777ba533fcf847c523f3ed1abbf7e0cd97a36fa575d3bc8126a9e36cbce4260b46905a35336e49d3
SSDEEP

48:Shbt0S4FVgCp471Ib4Fc/38+N7DYocHa23WlTpebVetFygFI5a2oxdVoZiG/9uiO:w0mIGnFc/38+N4ZHJWSY9FI5WqDx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 996	3048	420f8b19c682c6ac717db9bcc36214ea391375c2e14847b7f8288f3524d1d4a2.exe	29
PID 3048 wrote to memory of 996	3048	420f8b19c682c6ac717db9bcc36214ea391375c2e14847b7f8288f3524d1d4a2.exe	29
PID 3048 wrote to memory of 996	3048	420f8b19c682c6ac717db9bcc36214ea391375c2e14847b7f8288f3524d1d4a2.exe	29

C:\Users\Admin\AppData\Local\Temp\420f8b19c682c6ac717db9bcc36214ea391375c2e14847b7f8288f3524d1d4a2.exe
"C:\Users\Admin\AppData\Local\Temp\420f8b19c682c6ac717db9bcc36214ea391375c2e14847b7f8288f3524d1d4a2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3048 -s 32
  2⤵
  PID:996