d6ad60e2012e9540f0a2dcbefce70196029c2413f1776e980a735d918cf0a08f

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 09:08

Target

d6ad60e2012e9540f0a2dcbefce70196029c2413f1776e980a735d918cf0a08fN.exe
Size

50KB
MD5

a8e6825af2397cb7fd1ca7a830e67fd0
SHA1

d108828a79734af51b909ebaddeb193fda519a9c
SHA256

d6ad60e2012e9540f0a2dcbefce70196029c2413f1776e980a735d918cf0a08f
SHA512

17161bbb2d05a5a4dc8b21c94aa38edae49a973ba8d1e999276d18366ac1075ea6c239a80e620a174f2751c725b79775feb8b448d94236153317c87e274f7d32
SSDEEP

768:y2Meq/qjiFSNSvq7NHnwN980LJthQWU6pMRVj4gpQ7PJSx7OKHlJFTBVN+kReXO:yS4tMNm60ltqWUcGV0gpKSljHTv+kce

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 3000	1724	d6ad60e2012e9540f0a2dcbefce70196029c2413f1776e980a735d918cf0a08fN.exe	31
PID 1724 wrote to memory of 3000	1724	d6ad60e2012e9540f0a2dcbefce70196029c2413f1776e980a735d918cf0a08fN.exe	31
PID 1724 wrote to memory of 3000	1724	d6ad60e2012e9540f0a2dcbefce70196029c2413f1776e980a735d918cf0a08fN.exe	31

C:\Users\Admin\AppData\Local\Temp\d6ad60e2012e9540f0a2dcbefce70196029c2413f1776e980a735d918cf0a08fN.exe
"C:\Users\Admin\AppData\Local\Temp\d6ad60e2012e9540f0a2dcbefce70196029c2413f1776e980a735d918cf0a08fN.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1724 -s 516
  2⤵
  PID:3000

memory/1724-0-0x000007FEF5023000-0x000007FEF5024000-memory.dmp

Filesize
4KB

Download
memory/1724-1-0x0000000000B10000-0x0000000000B22000-memory.dmp

Filesize
72KB

Download