4fba1d87c0ef4f15d48d40ec60b1ab067609f83b4d90e1bca034b201955ad1c9

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15/06/2023, 13:13

Target

ServiceControl.exe
Size

436KB
MD5

12ed45a9693621eec828e36ced1e4fee
SHA1

ed6a7fd77f072c20ee127be9e1cb6893bbe3c04e
SHA256

4fba1d87c0ef4f15d48d40ec60b1ab067609f83b4d90e1bca034b201955ad1c9
SHA512

fbcb239c2dfa607ed5caaf4cc3b2efeb2261740d1984fb66dc57315c520d7b72e296dd50a642be424b43b31bffa93b2d858505dde0aef72577792be2d7f5cd65
SSDEEP

3072:gVQmsD9057ooVaS+WPdQC/lqqQOOO333ffftttCNCCNNA8ADMD2Ko7Oib0ZMG6oG:2C81Dn7Oib0Ztp8ButoErtoEEzob

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1980	2024	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1980	2024	ServiceControl.exe	28
PID 2024 wrote to memory of 1980	2024	ServiceControl.exe	28
PID 2024 wrote to memory of 1980	2024	ServiceControl.exe	28

C:\Users\Admin\AppData\Local\Temp\ServiceControl.exe
"C:\Users\Admin\AppData\Local\Temp\ServiceControl.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2024 -s 788
  2⤵
  - Program crash
  PID:1980

memory/2024-54-0x0000000000AD0000-0x0000000000B42000-memory.dmp

Filesize
456KB

Download
memory/2024-55-0x000000001AFD0000-0x000000001B050000-memory.dmp

Filesize
512KB

Download
memory/2024-56-0x000000001AFD0000-0x000000001B050000-memory.dmp

Filesize
512KB

Download