5fe63bed0ff5b04fbe2afee8cd9ba4dd9da6bc981540820079a9e2a438befea2

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-11-2024 04:04

Target

5fe63bed0ff5b04fbe2afee8cd9ba4dd9da6bc981540820079a9e2a438befea2N.exe
Size

697KB
MD5

1c1768024d6af8eef49660292bd77100
SHA1

0bac5abb77d34320b9bffa7bec46ad4a67725d1e
SHA256

5fe63bed0ff5b04fbe2afee8cd9ba4dd9da6bc981540820079a9e2a438befea2
SHA512

22065f522d30738486e1e30e043a502ec6fa4f4b354757cf5d3e42a53170d2db008838b4fd7199606179b1c283fabaa83f76d7844520c8af20d3f444c326762e
SSDEEP

6144:lbHgFf0cUDe7WkrqYMMH8xWioVHQv4nldFiN+ihcy5/gt+xZRtiKzvzaOV3Ya2:lbHCfn6krqJMH8xWiEHQvoniNp5nIa2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

5fe63bed0ff5b04fbe2afee8cd9ba4dd9da6bc981540820079a9e2a438befea2N.exe

description	pid	process	target process
PID 2688 wrote to memory of 2228	2688	5fe63bed0ff5b04fbe2afee8cd9ba4dd9da6bc981540820079a9e2a438befea2N.exe	WerFault.exe
PID 2688 wrote to memory of 2228	2688	5fe63bed0ff5b04fbe2afee8cd9ba4dd9da6bc981540820079a9e2a438befea2N.exe	WerFault.exe
PID 2688 wrote to memory of 2228	2688	5fe63bed0ff5b04fbe2afee8cd9ba4dd9da6bc981540820079a9e2a438befea2N.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\5fe63bed0ff5b04fbe2afee8cd9ba4dd9da6bc981540820079a9e2a438befea2N.exe
"C:\Users\Admin\AppData\Local\Temp\5fe63bed0ff5b04fbe2afee8cd9ba4dd9da6bc981540820079a9e2a438befea2N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2688 -s 76
  2⤵
  PID:2228