ccac0c07a252a1ff2717dd8a78fc5dc7560df7c4ee623866d16a6168cebd1b49

Analysis

max time kernel
27s
max time network
31s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
09-07-2023 15:00

Target

84ae6b82c9fb59exeexeexeex.exe
Size

335KB
MD5

84ae6b82c9fb5905c8753edf066a805d
SHA1

354e72ba08cef416e7d12bd28b62833b82bc89d1
SHA256

ccac0c07a252a1ff2717dd8a78fc5dc7560df7c4ee623866d16a6168cebd1b49
SHA512

212faeffb70a583d23abdd63af8bc38993053961d6c3cdee93f0223f205cc13c4fab918b9ea86b62da813434b49f7a73b4fd1cfe3d113d00ef03ab7c6ade4739
SSDEEP

6144:qtUGfUWOeEBUEhLkXj3zRG6yLQ/UNP4H2CiTTw10qhh4BAjrt:qtUGfVwUFzRG6EQ0POfiTTw0qoAjrt

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2052	1984	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2052	1984	84ae6b82c9fb59exeexeexeex.exe	27
PID 1984 wrote to memory of 2052	1984	84ae6b82c9fb59exeexeexeex.exe	27
PID 1984 wrote to memory of 2052	1984	84ae6b82c9fb59exeexeexeex.exe	27
PID 1984 wrote to memory of 2052	1984	84ae6b82c9fb59exeexeexeex.exe	27

C:\Users\Admin\AppData\Local\Temp\84ae6b82c9fb59exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\84ae6b82c9fb59exeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 120
  2⤵
  - Program crash
  PID:2052