565c089002892cf59e15ca6b9b4bad635a0f72ba8e2e277f41521bd80e6cd9bd

Analysis

max time kernel
26s
max time network
30s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
06-07-2023 12:48

Target

2a29d60c3fc57aexeexeexeex.exe
Size

335KB
MD5

2a29d60c3fc57ae863bfe725f6be64eb
SHA1

bcf1f470ad6d2998bcd3e5516ab42064985a6bd5
SHA256

565c089002892cf59e15ca6b9b4bad635a0f72ba8e2e277f41521bd80e6cd9bd
SHA512

b422f14fdc2c0559d04ce76f77f884d77a069c85a2b913dc068b0195a07832fa081134187c4b743702e662f636744547be811f1047bc96ad69132377aaa20866
SSDEEP

6144:qtUGfUWOeEBUEhLkXj3zRG6yLQ/UNP4H2CiTTA10qhh4TAjrt:qtUGfVwUFzRG6EQ0POfiTTA0qeAjrt

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2112 3044 WerFault.exe 2a29d60c3fc57aexeexeexeex.exe

pid	pid_target	process	target process
2112	3044	WerFault.exe	2a29d60c3fc57aexeexeexeex.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

2a29d60c3fc57aexeexeexeex.exe

description	pid	process	target process
PID 3044 wrote to memory of 2112	3044	2a29d60c3fc57aexeexeexeex.exe	WerFault.exe
PID 3044 wrote to memory of 2112	3044	2a29d60c3fc57aexeexeexeex.exe	WerFault.exe
PID 3044 wrote to memory of 2112	3044	2a29d60c3fc57aexeexeexeex.exe	WerFault.exe
PID 3044 wrote to memory of 2112	3044	2a29d60c3fc57aexeexeexeex.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\2a29d60c3fc57aexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\2a29d60c3fc57aexeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 120
2⤵
- Program crash
PID:2112