bfd4a0f3bd82a7ea4d9f714e4b641a24cd489b958a836b8eda3603bf6093e9e3

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23/03/2023, 05:20

Target

9789c8bc298591b7e910fa77b08da478.exe
Size

1.1MB
MD5

9789c8bc298591b7e910fa77b08da478
SHA1

e39c61d0b44ce3a30b27a7dccc0d263193bc766f
SHA256

bfd4a0f3bd82a7ea4d9f714e4b641a24cd489b958a836b8eda3603bf6093e9e3
SHA512

4fcfa9d2a0ea8999e285e1a6a5c14ebeebe7923bf80876e0fb3bff4351d183c82b84880ba036df77beaad409d043891bad915d24a472a5a43e942e57a2eaf34f
SSDEEP

12288:U3Fm459NcewAv+ylerAQ64ZH70O35eKCTwiO1eDRi2Uv:U3R59CSvJgnwSE+eDRi

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1296	1204	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 1296	1204	9789c8bc298591b7e910fa77b08da478.exe	28
PID 1204 wrote to memory of 1296	1204	9789c8bc298591b7e910fa77b08da478.exe	28
PID 1204 wrote to memory of 1296	1204	9789c8bc298591b7e910fa77b08da478.exe	28
PID 1204 wrote to memory of 1296	1204	9789c8bc298591b7e910fa77b08da478.exe	28

C:\Users\Admin\AppData\Local\Temp\9789c8bc298591b7e910fa77b08da478.exe
"C:\Users\Admin\AppData\Local\Temp\9789c8bc298591b7e910fa77b08da478.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 520
  2⤵
  - Program crash
  PID:1296

memory/1204-54-0x0000000000200000-0x000000000032A000-memory.dmp

Filesize
1.2MB

Download