797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
07/12/2024, 18:22

Target

797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96.exe
Size

2.5MB
MD5

4f03dcb1e44a6b89d910cb4f41198172
SHA1

4b14b8244f5cd389c20fba033823be6b489c854e
SHA256

797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96
SHA512

27a7a4acadaee21da7d80e08d62b898a8f9d9f3375f85ce6c72e4244b20b63f437c932cb6722a236effb128e6eae34e6f49851f4d6d033076d4c6aeb27147fe7
SSDEEP

49152:pLIbv9GOcDhnSV/vwyTgoypdxxR6ch2CL04r+y/PioT8uNPqmQ0rFPYrxV:0LwyTgoIdL8YeuNSFl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 2348	1488	797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96.exe	31
PID 1488 wrote to memory of 2348	1488	797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96.exe	31
PID 1488 wrote to memory of 2348	1488	797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96.exe	31

C:\Users\Admin\AppData\Local\Temp\797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96.exe
"C:\Users\Admin\AppData\Local\Temp\797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1488 -s 28
  2⤵
  PID:2348

memory/1488-0-0x000000013F240000-0x000000013F4BD000-memory.dmp

Filesize
2.5MB

Download