e6cfcfc964c7e9279e76748fa9b117f05c6b18aa3e43c3b39369d0115b53d609

Analysis

max time kernel
40s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
31-01-2023 09:32

Target

STOWAGE PLAN.exe
Size

617KB
MD5

fa213fb7cd93eae05e971750b38dbba7
SHA1

361572eea2646b77195da8fd3ddc17a14624400c
SHA256

9589a350843f9c5d3bdc6e7bf380e7e33b058956205551512dad7b87acb25cd5
SHA512

a546502bab1ab29f25090598d418247140870a571088c5004f0eb8b4fd5b70d996d94e64586011d1e36be2abd3fa70d75690915074e29a240f155c0df6acd2a6
SSDEEP

12288:7o6+C+2SlLVseHKNTn7tunA+/kSzeljwXqErzq3d7w9Vyla3CpMeGaR7cN:7orjseHKNTn7tunA+/kSzMKqWON8Vylo

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
968	1456	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 968	1456	STOWAGE PLAN.exe	26
PID 1456 wrote to memory of 968	1456	STOWAGE PLAN.exe	26
PID 1456 wrote to memory of 968	1456	STOWAGE PLAN.exe	26
PID 1456 wrote to memory of 968	1456	STOWAGE PLAN.exe	26

C:\Users\Admin\AppData\Local\Temp\STOWAGE PLAN.exe
"C:\Users\Admin\AppData\Local\Temp\STOWAGE PLAN.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 652
  2⤵
  - Program crash
  PID:968

memory/968-57-0x0000000000000000-mapping.dmp

Download
memory/1456-54-0x0000000000C80000-0x0000000000D20000-memory.dmp

Filesize
640KB

Download
memory/1456-55-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download
memory/1456-56-0x00000000003B0000-0x00000000003BE000-memory.dmp

Filesize
56KB

Download