a949ca53015528c813ea9f68c444201905f9bb129f2bc44ee2434b1ff5ae4966

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
19-05-2023 10:06

Target

Device/HarddiskVolume4/ProgramData/Garbage Cleaner/Garbage Cleaner.exe
Size

370KB
MD5

d41740255bf565a5df7474e7fb36852e
SHA1

b550a2e02d25af4699e1cbf3ed35f2780c745489
SHA256

4a702c33e4e15617b56f545a956aec37c92585217091c1e2ca08180380709b6b
SHA512

3f12a5e25de3701f654569e416455b50313355345f4b5d69f2e5e6fe4abba3f0d058f65704058684988d1779b482e68919cacd43cf2e1fd372171e00e63bd708
SSDEEP

6144:uxqnHoimCTsjAfRXmOyLTGVncEBguHgcj79duOB8wlIXX8CK8uZnd:uxqIimCwA/yLTGVncEBguH17juElIHSd

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1248 1724 WerFault.exe Garbage Cleaner.exe

pid	pid_target	process	target process
1248	1724	WerFault.exe	Garbage Cleaner.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Garbage Cleaner.exe

description	pid	process	target process
PID 1724 wrote to memory of 1248	1724	Garbage Cleaner.exe	WerFault.exe
PID 1724 wrote to memory of 1248	1724	Garbage Cleaner.exe	WerFault.exe
PID 1724 wrote to memory of 1248	1724	Garbage Cleaner.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume4\ProgramData\Garbage Cleaner\Garbage Cleaner.exe
"C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume4\ProgramData\Garbage Cleaner\Garbage Cleaner.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1724 -s 612
  2⤵
  - Program crash
  PID:1248

memory/1724-54-0x00000000001E0000-0x0000000000242000-memory.dmp

Filesize
392KB

Download
memory/1724-55-0x000000001B670000-0x000000001B6F0000-memory.dmp

Filesize
512KB

Download