d879a287c3b3f18feb23c6134b7691094c83084f52ac7bac2763ce95d4b2ad3a

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-11-2024 05:05

Target

d879a287c3b3f18feb23c6134b7691094c83084f52ac7bac2763ce95d4b2ad3aN.exe
Size

311KB
MD5

87a53c360eef63e7ce976c082a58f4b0
SHA1

3a09a86056cfab2e280090cf33dc11365afec1f5
SHA256

d879a287c3b3f18feb23c6134b7691094c83084f52ac7bac2763ce95d4b2ad3a
SHA512

a0c5a36987102dde2742ce1ab44e0a89ad00f4f428178603aa56b547ea83d3f02433a570513d1a9f71ff9a40a2d1e30680b671df04004902ea589a6bcb7ab9a7
SSDEEP

6144:CD10T8d6hY1faZLUHow4CFTPk2rrXVmtiHh7oe+A7S:G0T8d6hYV2sTTPjpmrA7S

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 1704	2504	d879a287c3b3f18feb23c6134b7691094c83084f52ac7bac2763ce95d4b2ad3aN.exe	31
PID 2504 wrote to memory of 1704	2504	d879a287c3b3f18feb23c6134b7691094c83084f52ac7bac2763ce95d4b2ad3aN.exe	31
PID 2504 wrote to memory of 1704	2504	d879a287c3b3f18feb23c6134b7691094c83084f52ac7bac2763ce95d4b2ad3aN.exe	31

C:\Users\Admin\AppData\Local\Temp\d879a287c3b3f18feb23c6134b7691094c83084f52ac7bac2763ce95d4b2ad3aN.exe
"C:\Users\Admin\AppData\Local\Temp\d879a287c3b3f18feb23c6134b7691094c83084f52ac7bac2763ce95d4b2ad3aN.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2504 -s 36
  2⤵
  PID:1704