37fe77ebb9e0a268328482308d6779b0f5f08e4553833c9ac2da10492a55e8b3

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 20:21

Target

crypted.exe
Size

1.2MB
MD5

b12e6c33aaa13c1e79772ef9817c69f7
SHA1

e8d7ad2964419f9324e37016e5d6e2763184ad62
SHA256

37fe77ebb9e0a268328482308d6779b0f5f08e4553833c9ac2da10492a55e8b3
SHA512

c24f6a289c36d57396b3287a9db981280eadf84be583359d0d01ab4ee4553b80365134dca62c89ad7575e07e3c039aa10f4a2d37d230e81660f46a287b8a95eb
SSDEEP

12288:VGQn7ZDgpAW8VTOzIUfVX5CF/ED2Na1n+gaG7rOqKa5OxaOlt1HZEzoYBcOxzKO5:Z23rzD2NaVDgdfE8Ac7BFUNppZwrlUR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2540	2392	crypted.exe	31
PID 2392 wrote to memory of 2540	2392	crypted.exe	31
PID 2392 wrote to memory of 2540	2392	crypted.exe	31

C:\Users\Admin\AppData\Local\Temp\crypted.exe
"C:\Users\Admin\AppData\Local\Temp\crypted.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2392 -s 36
  2⤵
  PID:2540