99dd5b005494af6582e06006b2b176873f5924d5b482ded34a89b05005e36d40

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
19-05-2023 03:30

Target

SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen2.32550.exe
Size

112KB
MD5

fd478a063f248391e792d31fc0ef7990
SHA1

4b019ffba473890553b1663185ba4b08e7ab61c5
SHA256

99dd5b005494af6582e06006b2b176873f5924d5b482ded34a89b05005e36d40
SHA512

5ed856933be1aa46644bff83c3f1d6d56b4a16ab09cb5917c1e77d793f501b25203c42c66fdf5cfb4d33d757eedf6670133ea68ba8bf47de68b64e7ac62ece40
SSDEEP

1536:X5HjaDYm3wjjer+CttlYepl6Rh3xkz3x6akvvf8GFRRi7T2WTdtg:X5Hj/E1yRp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1192	2044	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1192	2044	SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen2.32550.exe	27
PID 2044 wrote to memory of 1192	2044	SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen2.32550.exe	27
PID 2044 wrote to memory of 1192	2044	SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen2.32550.exe	27
PID 2044 wrote to memory of 1192	2044	SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen2.32550.exe	27

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen2.32550.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen2.32550.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 36
  2⤵
  - Program crash
  PID:1192