45c9cbe237737513db29979674b8595e9f3fea965bb4bbbc0f9f757851376515

Analysis

max time kernel
2s
max time network
6s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 09:36

Target

CloudNotifications.exe
Size

152KB
MD5

49ed342dd96d6e12f0540832f042e768
SHA1

27a1131b80f155d5f10310bc0a2309058a5debe5
SHA256

45c9cbe237737513db29979674b8595e9f3fea965bb4bbbc0f9f757851376515
SHA512

6c34cb9c03556e62fe470655137e36e4b69588247186865c2fbddcf16d638218f52e193ce16fe2bbbeb1d332e9d45b757ec3ca1bc793b3d293e51c9c30173274
SSDEEP

3072:0gPMcgqlwjzGZgaSTWdvJAACE4+2n1nZUSZGfbJdpv3efPgA4D2n5/Av4FrFcJPm:hPeqlwjyZ1STWdvJmE2ZsjpPeXdpFrFZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 1252	2156	CloudNotifications.exe	30
PID 2156 wrote to memory of 1252	2156	CloudNotifications.exe	30
PID 2156 wrote to memory of 1252	2156	CloudNotifications.exe	30

C:\Users\Admin\AppData\Local\Temp\CloudNotifications.exe
"C:\Users\Admin\AppData\Local\Temp\CloudNotifications.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2156 -s 84
  2⤵
  PID:1252

memory/2156-0-0x000000013F700000-0x000000013F73F000-memory.dmp

Filesize
252KB

Download