41eda52877bd4d19632d6e5860e492b5d8accf923fc40c4604bece5491bda4a3

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-10-2024 13:30

Target

41eda52877bd4d19632d6e5860e492b5d8accf923fc40c4604bece5491bda4a3.exe
Size

2.4MB
MD5

4d91fd816d2bac403f052f864bcd62dc
SHA1

f861a0f192ae3bc05d993dcdafd667df30c43d13
SHA256

41eda52877bd4d19632d6e5860e492b5d8accf923fc40c4604bece5491bda4a3
SHA512

31c4ffca08050116bf0237fd42f0b9a800d5a3535eaf6a604b4fac0a0ac0827de727773f5e618e44d8975967d8c499629c04612f2f51d7d43b464d273508bc1f
SSDEEP

49152:ym3c8RgY8M2lBfNGy8Tt5nVzZTM3pyoaz+vXcDLbx4/XlbdZ0/TkBipmTzn:75y8Tt5r0azFLmv0/IBS0z

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2668	2644	41eda52877bd4d19632d6e5860e492b5d8accf923fc40c4604bece5491bda4a3.exe	30
PID 2644 wrote to memory of 2668	2644	41eda52877bd4d19632d6e5860e492b5d8accf923fc40c4604bece5491bda4a3.exe	30
PID 2644 wrote to memory of 2668	2644	41eda52877bd4d19632d6e5860e492b5d8accf923fc40c4604bece5491bda4a3.exe	30

C:\Users\Admin\AppData\Local\Temp\41eda52877bd4d19632d6e5860e492b5d8accf923fc40c4604bece5491bda4a3.exe
"C:\Users\Admin\AppData\Local\Temp\41eda52877bd4d19632d6e5860e492b5d8accf923fc40c4604bece5491bda4a3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2644 -s 28
  2⤵
  PID:2668

memory/2644-0-0x000000013F850000-0x000000013FAC6000-memory.dmp

Filesize
2.5MB

Download