521157d70d2b4d514adf82b6ebeba27e8c26acdfda8fb76cdbee01700b7bf30b

Analysis

max time kernel
27s
max time network
31s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06-07-2023 16:57

Target

404f3137629157exeexeexeex.exe
Size

186KB
MD5

404f31376291573186ff214a296a062b
SHA1

b0906946468e85c980f4a083ec286de38aa13e71
SHA256

521157d70d2b4d514adf82b6ebeba27e8c26acdfda8fb76cdbee01700b7bf30b
SHA512

b67921b204186dbcf97b2c388bdb24d7ae1f623b0aad5412c6fd3b2d3cf75d67c05731bbec2c7dcd606f4899048f1859c3fbb108ec8e918de13900283067f962
SSDEEP

3072:IFto0r1JZPIsLLJJMosLVW7x5mxQSQJ1SbpLQqE8jVUjUcrBnP2w2XGzeO:IF5JBrsLVW7DJYqqE8jVUjUgPBzH

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2372	2280	WerFault.exe	21

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2372	2280	404f3137629157exeexeexeex.exe	28
PID 2280 wrote to memory of 2372	2280	404f3137629157exeexeexeex.exe	28
PID 2280 wrote to memory of 2372	2280	404f3137629157exeexeexeex.exe	28
PID 2280 wrote to memory of 2372	2280	404f3137629157exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\404f3137629157exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\404f3137629157exeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 36
  2⤵
  - Program crash
  PID:2372

memory/2280-54-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download