a2f9d552f9800789a0f9ef47fbd200a06eebac762612660b9f75a44e65933623

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-12-2024 14:48

Target

a2f9d552f9800789a0f9ef47fbd200a06eebac762612660b9f75a44e65933623.exe
Size

328KB
MD5

157698d07c8474d40628d0c013d7bdd3
SHA1

0463cc7833dc67417aa6590669260e20b48e86b4
SHA256

a2f9d552f9800789a0f9ef47fbd200a06eebac762612660b9f75a44e65933623
SHA512

342891c3de660b55ec03a42f8990ffe19b7aa2a3d475dbc5636945f70fa8a3a8d9639321e8d260f8ac5e34c10fd44727c335caed9559d1bbbfcf4f6298a4a8c2
SSDEEP

6144:vdza7ALxvWwGeiAPCS7BhpC0QkaEudHWi+mniaOFPQva8wT5Yot:vd+h9h6l7Xw0o3EiijF4vXct

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2788	2440	a2f9d552f9800789a0f9ef47fbd200a06eebac762612660b9f75a44e65933623.exe	31
PID 2440 wrote to memory of 2788	2440	a2f9d552f9800789a0f9ef47fbd200a06eebac762612660b9f75a44e65933623.exe	31
PID 2440 wrote to memory of 2788	2440	a2f9d552f9800789a0f9ef47fbd200a06eebac762612660b9f75a44e65933623.exe	31

C:\Users\Admin\AppData\Local\Temp\a2f9d552f9800789a0f9ef47fbd200a06eebac762612660b9f75a44e65933623.exe
"C:\Users\Admin\AppData\Local\Temp\a2f9d552f9800789a0f9ef47fbd200a06eebac762612660b9f75a44e65933623.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2440 -s 40
  2⤵
  PID:2788

memory/2440-0-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download