ce44b55192c3bd0ddfde07a7a9570be93de52ae66783d90950862b87bf8ce365

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-09-2024 01:06

Target

ce44b55192c3bd0ddfde07a7a9570be93de52ae66783d90950862b87bf8ce365.exe
Size

669KB
MD5

3614277aefb499bc3dcf09e5fbe9a612
SHA1

21e4d1993ebecf5b15e3ef257150fe00d58eb577
SHA256

ce44b55192c3bd0ddfde07a7a9570be93de52ae66783d90950862b87bf8ce365
SHA512

81a503dbea251e2c13a586e530564ed483aa5e3a0f92a14805d692ea91e438d878b36384b8920d8f80c3a3f475758f112d21080c4bea6d6fe4322650a10c2c4b
SSDEEP

6144:xwrGnfIRzRSPpwMHjH4ZGL3O0b83ii96AMaJB8udk4+xZRtiKzvzaOLVY+:xAGwtRSPuMHjH0GL3OB3x6Faa6+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

ce44b55192c3bd0ddfde07a7a9570be93de52ae66783d90950862b87bf8ce365.exe

description	pid	process	target process
PID 2340 wrote to memory of 2388	2340	ce44b55192c3bd0ddfde07a7a9570be93de52ae66783d90950862b87bf8ce365.exe	WerFault.exe
PID 2340 wrote to memory of 2388	2340	ce44b55192c3bd0ddfde07a7a9570be93de52ae66783d90950862b87bf8ce365.exe	WerFault.exe
PID 2340 wrote to memory of 2388	2340	ce44b55192c3bd0ddfde07a7a9570be93de52ae66783d90950862b87bf8ce365.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\ce44b55192c3bd0ddfde07a7a9570be93de52ae66783d90950862b87bf8ce365.exe
"C:\Users\Admin\AppData\Local\Temp\ce44b55192c3bd0ddfde07a7a9570be93de52ae66783d90950862b87bf8ce365.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2340

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2340 -s 76
2⤵
PID:2388