ac4c17341b6f1517e3d6d0da3ca5fd5d38893827e325fbd7c3b1a67e9501c2e9

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
28/06/2023, 14:15

Target

1796560x00000000004000000.exe
Size

2.8MB
MD5

71a8d3e5a82f056fd22b1ee222561ccc
SHA1

e21623189a1c169d3755246172d57f78502b8f6d
SHA256

ac4c17341b6f1517e3d6d0da3ca5fd5d38893827e325fbd7c3b1a67e9501c2e9
SHA512

25c7592fea297974e0a7f06f763dcf7daa2bb83df9d029a7821f66d95ca3aa51b36db92acf4a00e400ffa9e9b8567b449d0e44c7d4351f5ad8db5340d9a6de55
SSDEEP

6144:uCyiXVZhMMOP/AXh/PP6IEWEonebA8mUG05UJKH2khp9j5kz+i9moRQ2Jg7Eahr/:udiXZMbKCxWIW+kmoRQ227EyiPxInr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1180	1536	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 1180	1536	1796560x00000000004000000.exe	28
PID 1536 wrote to memory of 1180	1536	1796560x00000000004000000.exe	28
PID 1536 wrote to memory of 1180	1536	1796560x00000000004000000.exe	28
PID 1536 wrote to memory of 1180	1536	1796560x00000000004000000.exe	28

C:\Users\Admin\AppData\Local\Temp\1796560x00000000004000000.exe
"C:\Users\Admin\AppData\Local\Temp\1796560x00000000004000000.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 36
  2⤵
  - Program crash
  PID:1180