dcebc5edd9ac85b1d3a6bd63ebc6f9a109bfbdc4ba3cee68c908bcf78e5a0bbc

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/02/2025, 05:18

Target

dcebc5edd9ac85b1d3a6bd63ebc6f9a109bfbdc4ba3cee68c908bcf78e5a0bbc.exe
Size

669KB
MD5

bbba00405e55ee578231573b08d9f331
SHA1

c4e61833acaf623a7ce609444cbaa84223d32124
SHA256

dcebc5edd9ac85b1d3a6bd63ebc6f9a109bfbdc4ba3cee68c908bcf78e5a0bbc
SHA512

72631c0b7f1886d7822721aeb69f8447ac2132a7c38ab02f9b0b5b32d7249b9915e7c89a6060b954949c5c178ef0b48f9f5d4e5c09e842475cf1905337c6af89
SSDEEP

6144:xwrGnfIRzRSPpwMHjH4ZGL3O0b83ii96AMaJB8udk4+xZRtiKzvzaOLVY2:xAGwtRSPuMHjH0GL3OB3x6Faa62

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 3024	3004	dcebc5edd9ac85b1d3a6bd63ebc6f9a109bfbdc4ba3cee68c908bcf78e5a0bbc.exe	30
PID 3004 wrote to memory of 3024	3004	dcebc5edd9ac85b1d3a6bd63ebc6f9a109bfbdc4ba3cee68c908bcf78e5a0bbc.exe	30
PID 3004 wrote to memory of 3024	3004	dcebc5edd9ac85b1d3a6bd63ebc6f9a109bfbdc4ba3cee68c908bcf78e5a0bbc.exe	30

C:\Users\Admin\AppData\Local\Temp\dcebc5edd9ac85b1d3a6bd63ebc6f9a109bfbdc4ba3cee68c908bcf78e5a0bbc.exe
"C:\Users\Admin\AppData\Local\Temp\dcebc5edd9ac85b1d3a6bd63ebc6f9a109bfbdc4ba3cee68c908bcf78e5a0bbc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3004 -s 76
  2⤵
  PID:3024