dd8e0b3a87b5a2f1ca7ac25a37c1f7883a3ea19a4d58cc5d389c0ce674828f99

Analysis

max time kernel
119s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/11/2024, 02:54 UTC

Target

dd8e0b3a87b5a2f1ca7ac25a37c1f7883a3ea19a4d58cc5d389c0ce674828f99N.exe
Size

697KB
MD5

4c4b46662384ce72aa4dbf97fc879740
SHA1

891be99ddf0c007208d6b48034449cd043a08665
SHA256

dd8e0b3a87b5a2f1ca7ac25a37c1f7883a3ea19a4d58cc5d389c0ce674828f99
SHA512

dbc29bb6bbbee7b15ebe7cd0c5fab2d890759942ee4e90f014f3702c57015a05784b6aa8f28d1a7f625ed305efbfcbe936a76ec119551dc158f75e706183c550
SSDEEP

6144:lbHgFf0cUDe7WkrqYMMH8xWioVHQv4nldFiN+ihcy5/gt+xZRtiKzvzaOV3Yap:lbHCfn6krqJMH8xWiEHQvoniNp5nIap

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 1996	1732	dd8e0b3a87b5a2f1ca7ac25a37c1f7883a3ea19a4d58cc5d389c0ce674828f99N.exe	30
PID 1732 wrote to memory of 1996	1732	dd8e0b3a87b5a2f1ca7ac25a37c1f7883a3ea19a4d58cc5d389c0ce674828f99N.exe	30
PID 1732 wrote to memory of 1996	1732	dd8e0b3a87b5a2f1ca7ac25a37c1f7883a3ea19a4d58cc5d389c0ce674828f99N.exe	30

C:\Users\Admin\AppData\Local\Temp\dd8e0b3a87b5a2f1ca7ac25a37c1f7883a3ea19a4d58cc5d389c0ce674828f99N.exe
"C:\Users\Admin\AppData\Local\Temp\dd8e0b3a87b5a2f1ca7ac25a37c1f7883a3ea19a4d58cc5d389c0ce674828f99N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1732 -s 76
  2⤵
  PID:1996