52c0ca463a8d86d8f4be1ebb3d0559ae9fa1d6ec045cc458863d42207b43d338

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-07-2024 16:36

Target

CloudSecurity.exe
Size

669KB
MD5

739b068cdf1a095562cc18fedf520c5e
SHA1

3d26ea9d884ef8ec30d1373ab388d28f2b94f1d3
SHA256

abcac2031965695b7b513f4fecb8909a4137f035452daea19af090c25cb29954
SHA512

62cec4e4765cd0e3b59f1e438da34b6acdef29b4d32eaba7ea76a6b67ec5d630e2d23ad6876cb12fdbd285cc53a05f5a38145800a062e79f65424b5fb076e1c5
SSDEEP

6144:xwrGnfIRzRSPpwMHjH4ZGL3O0b83ii96AMaJB8udk4+xZRtiKzvzaOLVYd:xAGwtRSPuMHjH0GL3OB3x6Faa6d

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

CloudSecurity.exe

description	pid	process	target process
PID 2112 wrote to memory of 2240	2112	CloudSecurity.exe	WerFault.exe
PID 2112 wrote to memory of 2240	2112	CloudSecurity.exe	WerFault.exe
PID 2112 wrote to memory of 2240	2112	CloudSecurity.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\CloudSecurity.exe
"C:\Users\Admin\AppData\Local\Temp\CloudSecurity.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2112

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2112 -s 76
2⤵
PID:2240