333cbdcc5ff977d20596fb805e599e1cc20fe233be7b4f83ca6590bb39fe0a97

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
27-03-2023 00:22

Target

Yully Spoofer.exe
Size

404KB
MD5

cbe46de2863cc2c5dfbd8e0a67768558
SHA1

b2fd24f3d73c1e76ca28b693b58e926dcc8c4e21
SHA256

333cbdcc5ff977d20596fb805e599e1cc20fe233be7b4f83ca6590bb39fe0a97
SHA512

9f53540cc015df47d5fce3ef267db9c3b9d85e761785bcab7b7f04dca1f7a033b2ff7fcd48d3623111a054adb513e104033d5edbc7767bce7038185228455693
SSDEEP

6144:i5vcoYE4QRFRlhjcc+q6vvbva8W2vfwXQMX909CPlNCEenaT5xBFn66TaJc0gbwq:UvV3bxA1oXTe9qlNZenmxPLK/vzrU7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1420	1540	WerFault.exe	22

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 1420	1540	Yully Spoofer.exe	28
PID 1540 wrote to memory of 1420	1540	Yully Spoofer.exe	28
PID 1540 wrote to memory of 1420	1540	Yully Spoofer.exe	28
PID 1540 wrote to memory of 1420	1540	Yully Spoofer.exe	28

C:\Users\Admin\AppData\Local\Temp\Yully Spoofer.exe
"C:\Users\Admin\AppData\Local\Temp\Yully Spoofer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 628
  2⤵
  - Program crash
  PID:1420

memory/1540-54-0x0000000000090000-0x00000000000FA000-memory.dmp

Filesize
424KB

Download
memory/1540-55-0x0000000002100000-0x0000000002140000-memory.dmp

Filesize
256KB

Download
memory/1540-56-0x0000000002100000-0x0000000002140000-memory.dmp

Filesize
256KB

Download