37900730c765d65c6ff1eb8f8430e8b016512beb5b3e442ad74bb5e690b05fa6

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11-06-2023 01:49

Target

b2450979aa3f7d8f9c8442e00efa77c2.exe
Size

424KB
MD5

b2450979aa3f7d8f9c8442e00efa77c2
SHA1

c3bd88e049a794d5faa30f19a392d0053d4e5e17
SHA256

37900730c765d65c6ff1eb8f8430e8b016512beb5b3e442ad74bb5e690b05fa6
SHA512

14bcefc8d8e733c4700ba68dba77fe9eb2f810bc257296cc46134ae7b1c6b3976d6ff4ab100568e37570540db99854aba4d6d7706d36c0dabb318b12da9edc6b
SSDEEP

6144:y9XMgWCxEV+JM6FhWbkQm8GEPkiU23dSFAiDD1TBuhTEA:iMgWCxzJMvzGKki/3giiDBTB4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
920	1736	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 920	1736	b2450979aa3f7d8f9c8442e00efa77c2.exe	27
PID 1736 wrote to memory of 920	1736	b2450979aa3f7d8f9c8442e00efa77c2.exe	27
PID 1736 wrote to memory of 920	1736	b2450979aa3f7d8f9c8442e00efa77c2.exe	27
PID 1736 wrote to memory of 920	1736	b2450979aa3f7d8f9c8442e00efa77c2.exe	27

C:\Users\Admin\AppData\Local\Temp\b2450979aa3f7d8f9c8442e00efa77c2.exe
"C:\Users\Admin\AppData\Local\Temp\b2450979aa3f7d8f9c8442e00efa77c2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 36
  2⤵
  - Program crash
  PID:920