5a9437344ef2448175995360fbb9f7d7baefc26dc28bdc4b4a01df7187170fc5

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10-10-2024 16:24

Target

ae2414d162454346d9a520ea3835e94c.exe
Size

2.6MB
MD5

ae2414d162454346d9a520ea3835e94c
SHA1

00e18ceba9a29bf1faaffa45007504af1d9f8825
SHA256

5a9437344ef2448175995360fbb9f7d7baefc26dc28bdc4b4a01df7187170fc5
SHA512

a6e67234476def220ca5431f974b454aeee4dda9f7e1d6f949c19457c5ab843cc7ae845bf16530870a40574c57d4c519972b094ba40ec0f8055d7bcb493a9beb
SSDEEP

49152:JZPf0tL9d77T+WScpPNBqB0+imjS9fQzQ7D0LSrydeJgUgLw+Q:yVScpPN3AfaIL+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2080	2440	ae2414d162454346d9a520ea3835e94c.exe	28
PID 2440 wrote to memory of 2080	2440	ae2414d162454346d9a520ea3835e94c.exe	28
PID 2440 wrote to memory of 2080	2440	ae2414d162454346d9a520ea3835e94c.exe	28

C:\Users\Admin\AppData\Local\Temp\ae2414d162454346d9a520ea3835e94c.exe
"C:\Users\Admin\AppData\Local\Temp\ae2414d162454346d9a520ea3835e94c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2440 -s 28
  2⤵
  PID:2080

memory/2440-0-0x000000013FDB0000-0x0000000140056000-memory.dmp

Filesize
2.6MB

Download