797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 01:38

Target

797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96.exe
Size

2.5MB
MD5

4f03dcb1e44a6b89d910cb4f41198172
SHA1

4b14b8244f5cd389c20fba033823be6b489c854e
SHA256

797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96
SHA512

27a7a4acadaee21da7d80e08d62b898a8f9d9f3375f85ce6c72e4244b20b63f437c932cb6722a236effb128e6eae34e6f49851f4d6d033076d4c6aeb27147fe7
SSDEEP

49152:pLIbv9GOcDhnSV/vwyTgoypdxxR6ch2CL04r+y/PioT8uNPqmQ0rFPYrxV:0LwyTgoIdL8YeuNSFl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2780	2756	797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96.exe	30
PID 2756 wrote to memory of 2780	2756	797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96.exe	30
PID 2756 wrote to memory of 2780	2756	797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96.exe	30

C:\Users\Admin\AppData\Local\Temp\797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96.exe
"C:\Users\Admin\AppData\Local\Temp\797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2756 -s 28
  2⤵
  PID:2780

memory/2756-0-0x000000013FDA0000-0x000000014001D000-memory.dmp

Filesize
2.5MB

Download