e35ba541c58803f6ec98109c6e2bcb0dbd1dd65f9f51b1166ede6599928a37f0

Analysis

max time kernel
240s
max time network
245s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29/03/2025, 02:07

Target

recibo de pago.exe
Size

710KB
MD5

ef37cc9579f995f2f594bf5afa9abbc4
SHA1

e45d95b95fdcc2cc4cd39a0143dc8768e48182a7
SHA256

cbb5d6740bb58f3b8fe93408fd2fbc968023c121de1089c885a824c5a67e16e6
SHA512

4939c796abc2ee80dd316a0c8f51dba3566b981222dd98624e2c7015bb8e1aa61a67f69dccacf36999b6fc44dda86d2967b338c8016869223ab00c59961cf83d
SSDEEP

12288:KIR5x+u6RfbWYCrt/22puGGh6abmMbvZwPO5ICBwu1L8idw0sDn2GVr8DY+31PmE:I3WYatucdvGwu1I4EN+zF+Mt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2268	1820	recibo de pago.exe	29
PID 1820 wrote to memory of 2268	1820	recibo de pago.exe	29
PID 1820 wrote to memory of 2268	1820	recibo de pago.exe	29

C:\Users\Admin\AppData\Local\Temp\recibo de pago.exe
"C:\Users\Admin\AppData\Local\Temp\recibo de pago.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1820 -s 28
  2⤵
  PID:2268