673ce37383988054dc13473a4e60a91ac73cd3fc9421809ddef784fd960a843a

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-11-2024 06:14

Target

673ce37383988054dc13473a4e60a91ac73cd3fc9421809ddef784fd960a843aN.exe
Size

697KB
MD5

7b4bfd8cf457c98bfc21b3f9d659c060
SHA1

ef5468c1fff8a4b94e804b5c8ac42160d857d2fc
SHA256

673ce37383988054dc13473a4e60a91ac73cd3fc9421809ddef784fd960a843a
SHA512

32353f5013b07084bda93bf8a1d635866a2757f58393ffad1821c10d7e9bbaada4fccc56cf33d92c7419ae56c36bc6759b37cae59a1a2bdace7e8054022f0686
SSDEEP

6144:lbHgFf0cUDe7WkrqYMMH8xWioVHQv4nldFiN+ihcy5/gt+xZRtiKzvzaOV3YaK:lbHCfn6krqJMH8xWiEHQvoniNp5nIaK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

673ce37383988054dc13473a4e60a91ac73cd3fc9421809ddef784fd960a843aN.exe

description	pid	process	target process
PID 2808 wrote to memory of 2164	2808	673ce37383988054dc13473a4e60a91ac73cd3fc9421809ddef784fd960a843aN.exe	WerFault.exe
PID 2808 wrote to memory of 2164	2808	673ce37383988054dc13473a4e60a91ac73cd3fc9421809ddef784fd960a843aN.exe	WerFault.exe
PID 2808 wrote to memory of 2164	2808	673ce37383988054dc13473a4e60a91ac73cd3fc9421809ddef784fd960a843aN.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\673ce37383988054dc13473a4e60a91ac73cd3fc9421809ddef784fd960a843aN.exe
"C:\Users\Admin\AppData\Local\Temp\673ce37383988054dc13473a4e60a91ac73cd3fc9421809ddef784fd960a843aN.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2808 -s 76
  2⤵
  PID:2164