eb53f79f9f1c686fe8e44ce85c4a8b2cef36ae6f98100b58220411edd434c33a

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
24/03/2023, 13:34

Target

BestChange.exe
Size

66KB
MD5

5fa2b6ad16e9d77e8fd4f25e640b4a41
SHA1

1292b6b9104c76fb4a981e67da3c1b88f15da2e1
SHA256

eb53f79f9f1c686fe8e44ce85c4a8b2cef36ae6f98100b58220411edd434c33a
SHA512

818d85b4900325904e94d0183b1c3a289b2e3069ecc15a8ac09fe20f90be335956da75b520b77be71ba7316cdd682785e41f2e532a6b53016c2b0faaa174beeb
SSDEEP

1536:04wRwcnJe7DvRvHhZuCDgRy2pjlQjUwWrE/npo3LL+UDpQGMnqdoHMm:04wR9Je7DvRvHhZ6DjEw+UDpQGMnqdo9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
864	1104	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 864	1104	BestChange.exe	28
PID 1104 wrote to memory of 864	1104	BestChange.exe	28
PID 1104 wrote to memory of 864	1104	BestChange.exe	28
PID 1104 wrote to memory of 864	1104	BestChange.exe	28

C:\Users\Admin\AppData\Local\Temp\BestChange.exe
"C:\Users\Admin\AppData\Local\Temp\BestChange.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 564
  2⤵
  - Program crash
  PID:864

memory/1104-54-0x0000000001010000-0x0000000001026000-memory.dmp

Filesize
88KB

Download