0fef280911f0d98a5e3f03bd59501dd7ca468361eccbedf86dfa9b3a44a1e5f2

Analysis

max time kernel
30s
max time network
34s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
10-07-2023 14:49

Target

c9d6467f62613cexeexeexeex.exe
Size

335KB
MD5

c9d6467f62613c75e7ac5f1544547578
SHA1

410d1497246333a95cd2625f4611ec150e5a84e6
SHA256

0fef280911f0d98a5e3f03bd59501dd7ca468361eccbedf86dfa9b3a44a1e5f2
SHA512

7f3c0a8a913417b47d4ed2abe7d75cb1baf82f2b4bd06e3781018aa66fbf98f85e62832f8d1a8afa68f20014be482ba6a80370edf395c98d1fe3fd020beb54cd
SSDEEP

6144:qtUGfUWOeEBUEhLkXj3zRG6yLQ/UNP4H2CiTTH10qhh4UAjrt:qtUGfVwUFzRG6EQ0POfiTTV0qRAjrt

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2408 2380 WerFault.exe c9d6467f62613cexeexeexeex.exe

pid	pid_target	process	target process
2408	2380	WerFault.exe	c9d6467f62613cexeexeexeex.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

c9d6467f62613cexeexeexeex.exe

description	pid	process	target process
PID 2380 wrote to memory of 2408	2380	c9d6467f62613cexeexeexeex.exe	WerFault.exe
PID 2380 wrote to memory of 2408	2380	c9d6467f62613cexeexeexeex.exe	WerFault.exe
PID 2380 wrote to memory of 2408	2380	c9d6467f62613cexeexeexeex.exe	WerFault.exe
PID 2380 wrote to memory of 2408	2380	c9d6467f62613cexeexeexeex.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\c9d6467f62613cexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\c9d6467f62613cexeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 120
2⤵
- Program crash
PID:2408