d9573611771222cdde0253dbc69aeb46ff0db58fb7e474a7938ce90d3565bdb1

Analysis

max time kernel
26s
max time network
31s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
06/07/2023, 15:42

Target

37ee3e74e256daexeexeexeex.exe
Size

335KB
MD5

37ee3e74e256da1069260bcf8575003f
SHA1

0f669d3dd888ced855b15f6990b2ff0248bd20df
SHA256

d9573611771222cdde0253dbc69aeb46ff0db58fb7e474a7938ce90d3565bdb1
SHA512

1e9d95f9658816202619ce1c9fde6483faf6fce731bfa8f8ea94d185bbf88a0283f6c66d0f6ea3c5751b5c131313efc595aab0f1c6b0b25b81ca574c71389639
SSDEEP

6144:qtUGfUWOeEBUEhLkXj3zRG6yLQ/UNP4H2CiTTg10qhh4bAjrt:qtUGfVwUFzRG6EQ0POfiTTg0qSAjrt

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2896	2968	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2896	2968	37ee3e74e256daexeexeexeex.exe	27
PID 2968 wrote to memory of 2896	2968	37ee3e74e256daexeexeexeex.exe	27
PID 2968 wrote to memory of 2896	2968	37ee3e74e256daexeexeexeex.exe	27
PID 2968 wrote to memory of 2896	2968	37ee3e74e256daexeexeexeex.exe	27

C:\Users\Admin\AppData\Local\Temp\37ee3e74e256daexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\37ee3e74e256daexeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 120
  2⤵
  - Program crash
  PID:2896