324bdba46dad7a6e0d2fd8c4cb3a9037d8aaf1d7827d6caab3ee3f752c8808c8

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
24/03/2023, 11:01

Target

324bdba46dad7a6e0d2fd8c4cb3a9037d8aaf1d7827d6caab3ee3f752c8808c8.exe
Size

1.6MB
MD5

6e9ce81d2643be60339fad94bc8730c6
SHA1

2119d379f64581353f6477bb0699b3807d4d6dad
SHA256

324bdba46dad7a6e0d2fd8c4cb3a9037d8aaf1d7827d6caab3ee3f752c8808c8
SHA512

7c2acef6803ce5e0d9174745481e24a93811bffaed224b9cf13cd85d4db0a8a339c1550570c0c5faa1d02f4eadf1b789a6d64755b3dfdacdecb50a0f374f3191
SSDEEP

24576:KVrr0JloL2aeJEA9fPcbhZ98K7jH8lYSxpQMBCjZEJ5FT0zmH2jU9s:Kf+bhIWPxpVJzT0zmm3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1732	2040	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1732	2040	324bdba46dad7a6e0d2fd8c4cb3a9037d8aaf1d7827d6caab3ee3f752c8808c8.exe	28
PID 2040 wrote to memory of 1732	2040	324bdba46dad7a6e0d2fd8c4cb3a9037d8aaf1d7827d6caab3ee3f752c8808c8.exe	28
PID 2040 wrote to memory of 1732	2040	324bdba46dad7a6e0d2fd8c4cb3a9037d8aaf1d7827d6caab3ee3f752c8808c8.exe	28
PID 2040 wrote to memory of 1732	2040	324bdba46dad7a6e0d2fd8c4cb3a9037d8aaf1d7827d6caab3ee3f752c8808c8.exe	28

C:\Users\Admin\AppData\Local\Temp\324bdba46dad7a6e0d2fd8c4cb3a9037d8aaf1d7827d6caab3ee3f752c8808c8.exe
"C:\Users\Admin\AppData\Local\Temp\324bdba46dad7a6e0d2fd8c4cb3a9037d8aaf1d7827d6caab3ee3f752c8808c8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 220
  2⤵
  - Program crash
  PID:1732

memory/2040-54-0x0000000000820000-0x00000000009EA000-memory.dmp

Filesize
1.8MB

Download