0c4f16b60007f235566f2e4ad05a1f6f6bdbf8477b26d08952922f104745a121

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
31-10-2024 21:15

Target

0c4f16b60007f235566f2e4ad05a1f6f6bdbf8477b26d08952922f104745a121.exe
Size

731KB
MD5

fb4a0c953c51e1fc8e42021337d1f8f4
SHA1

ab1522e84e8c1cda9b304ef39603880d1a3d015b
SHA256

0c4f16b60007f235566f2e4ad05a1f6f6bdbf8477b26d08952922f104745a121
SHA512

3b708f51322adcd82649b70e125e70b9a9fc5263557d37e7a4a2007d43e33773910b3948a52a52c0f2c9e49d225be2acd74ae1dd8e45b1e1c9cc0e452e856941
SSDEEP

6144:Fp19SmYRZbsuSBs3ojpe6aABlwZFsr5pOGJr3eRqk3tJc+xZRtiKzvzaOKIeM87q:Fp1EPZbsu2s3ojpe6aeSg3DeRqkUWd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

0c4f16b60007f235566f2e4ad05a1f6f6bdbf8477b26d08952922f104745a121.exe

description	pid	process	target process
PID 2200 wrote to memory of 2060	2200	0c4f16b60007f235566f2e4ad05a1f6f6bdbf8477b26d08952922f104745a121.exe	WerFault.exe
PID 2200 wrote to memory of 2060	2200	0c4f16b60007f235566f2e4ad05a1f6f6bdbf8477b26d08952922f104745a121.exe	WerFault.exe
PID 2200 wrote to memory of 2060	2200	0c4f16b60007f235566f2e4ad05a1f6f6bdbf8477b26d08952922f104745a121.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\0c4f16b60007f235566f2e4ad05a1f6f6bdbf8477b26d08952922f104745a121.exe
"C:\Users\Admin\AppData\Local\Temp\0c4f16b60007f235566f2e4ad05a1f6f6bdbf8477b26d08952922f104745a121.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2200 -s 76
  2⤵
  PID:2060