4e2b7e9370b5c2a8f587b98cd863950126a8b81744525400608f004b2994d156

Analysis

max time kernel
23s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
19-04-2023 18:27

Target

mMail Access Checker By Blackbeard/Mail Access Checker By Blackbeard.exe
Size

67.9MB
MD5

9132ad66ee47bec708139c39d6b7f20d
SHA1

34a11b80ef1ce3b6ba58c598feb0eab46b4e9e15
SHA256

1abf5f1e19d5bafea7a079475731e50aa01ccbb0b69dbf32d042e2837a3e5846
SHA512

1e2143196d6b53d10702d471769206f61e4df7a69ac536ec0c1dfbe54c5e6127d800b0071cd0fd5bd4ea2c527b9116914307b1861df1444719b444e095875a0f
SSDEEP

12288:B8m1AIh29LbGd4DWusojt2KAXM3PmzlxL/tUaCr68iATcw2JzTmpK99PaUW0dDGE:B8mY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
524	1444	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1444 wrote to memory of 524	1444	Mail Access Checker By Blackbeard.exe	28
PID 1444 wrote to memory of 524	1444	Mail Access Checker By Blackbeard.exe	28
PID 1444 wrote to memory of 524	1444	Mail Access Checker By Blackbeard.exe	28
PID 1444 wrote to memory of 524	1444	Mail Access Checker By Blackbeard.exe	28

C:\Users\Admin\AppData\Local\Temp\mMail Access Checker By Blackbeard\Mail Access Checker By Blackbeard.exe
"C:\Users\Admin\AppData\Local\Temp\mMail Access Checker By Blackbeard\Mail Access Checker By Blackbeard.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 764
  2⤵
  - Program crash
  PID:524

memory/1444-54-0x00000000009F0000-0x0000000000B6E000-memory.dmp

Filesize
1.5MB

Download
memory/1444-55-0x00000000003D0000-0x00000000003D6000-memory.dmp

Filesize
24KB

Download
memory/1444-56-0x0000000000430000-0x0000000000470000-memory.dmp

Filesize
256KB

Download
memory/1444-57-0x0000000000430000-0x0000000000470000-memory.dmp

Filesize
256KB

Download