00d1168bb5fc8774e3dc80a3f1df39ca5f20a08edd82445c1b1c6e1fd6c2e896

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 01:55

Target

a53dc827e87e1154069a9c1a3ffa8931652f071d5ffac59a5c266abb9347da7e.exe
Size

1012KB
MD5

f64fcd0fd6f6d1bc524941b0002dc4ea
SHA1

688990210610126aeff4558e1ab0c6c4a30e68b7
SHA256

a53dc827e87e1154069a9c1a3ffa8931652f071d5ffac59a5c266abb9347da7e
SHA512

65b1508167287d47ebbe92b2b17b3193a9c06ba826e82eff56e3890ca0b5e301ed5d173231e29b4e092b1e29ec68913cb7522c621fea42633a463b817502be8b
SSDEEP

24576:52xEIz5/oL1ikNewYklbp9SB9yhHihCFKuiR14UBmbHTsS:0f/o8koyBp9SUHMChif4y

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2720	1672	a53dc827e87e1154069a9c1a3ffa8931652f071d5ffac59a5c266abb9347da7e.exe	28
PID 1672 wrote to memory of 2720	1672	a53dc827e87e1154069a9c1a3ffa8931652f071d5ffac59a5c266abb9347da7e.exe	28
PID 1672 wrote to memory of 2720	1672	a53dc827e87e1154069a9c1a3ffa8931652f071d5ffac59a5c266abb9347da7e.exe	28

C:\Users\Admin\AppData\Local\Temp\a53dc827e87e1154069a9c1a3ffa8931652f071d5ffac59a5c266abb9347da7e.exe
"C:\Users\Admin\AppData\Local\Temp\a53dc827e87e1154069a9c1a3ffa8931652f071d5ffac59a5c266abb9347da7e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1672 -s 632
  2⤵
  PID:2720

memory/1672-0-0x000007FEF55E3000-0x000007FEF55E4000-memory.dmp

Filesize
4KB

Download
memory/1672-1-0x000000013FA10000-0x000000013FB10000-memory.dmp

Filesize
1024KB

Download
memory/1672-2-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

Filesize
9.9MB

Download
memory/1672-3-0x0000000000790000-0x00000000007B4000-memory.dmp

Filesize
144KB

Download
memory/1672-4-0x000007FEF55E3000-0x000007FEF55E4000-memory.dmp

Filesize
4KB

Download
memory/1672-5-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

Filesize
9.9MB

Download
memory/1672-6-0x00000000009D0000-0x00000000009E6000-memory.dmp

Filesize
88KB

Download
memory/1672-7-0x00000000008A0000-0x00000000008B4000-memory.dmp

Filesize
80KB

Download
memory/1672-8-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

Filesize
9.9MB

Download
memory/1672-9-0x000000001C2B0000-0x000000001C35A000-memory.dmp

Filesize
680KB

Download
memory/1672-10-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

Filesize
9.9MB

Download