7c763e6deae08bc63a5dd7bc9a83f0652368fcb95f3f16b468a8e0c2ae060ace

Analysis

max time kernel
28s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
22/05/2023, 11:46

Target

SecuriteInfo.com.BATCH.Virus.10952.21014.exe
Size

536KB
MD5

b2cf95cdf70170556baaf3b57ee60362
SHA1

aa75d6389c6f35ebbf60325e42d817bf93653bcd
SHA256

7c763e6deae08bc63a5dd7bc9a83f0652368fcb95f3f16b468a8e0c2ae060ace
SHA512

fe1706af6c7b11701568517c8be07bb5021287eaabc5f182a6e22a855ac5efda35912ecd8799a60082ae556db91e8acaacddec58c33fcbae5ce4d1c8b50e1e79
SSDEEP

12288:nHUCVtJ6sjb1e4NXJoSDme9K1piaKEowPYTCNzmCwBIKC95R63TDLBVF:0o6sjb1Xtees1g3wPYTCN8j9VF

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2044	2032	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2044	2032	SecuriteInfo.com.BATCH.Virus.10952.21014.exe	28
PID 2032 wrote to memory of 2044	2032	SecuriteInfo.com.BATCH.Virus.10952.21014.exe	28
PID 2032 wrote to memory of 2044	2032	SecuriteInfo.com.BATCH.Virus.10952.21014.exe	28
PID 2032 wrote to memory of 2044	2032	SecuriteInfo.com.BATCH.Virus.10952.21014.exe	28

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BATCH.Virus.10952.21014.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BATCH.Virus.10952.21014.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 36
  2⤵
  - Program crash
  PID:2044