ed42589c7cd48f2cd1bc3a62bfa8069c9307bd1e4a562e528ef2c355d4ef4886

Analysis

max time kernel
103s
max time network
33s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
11/07/2023, 16:50

Target

fbd54774eb90f8exeexeexeex.exe
Size

520KB
MD5

fbd54774eb90f87ddaea02899a373f3a
SHA1

9437bdf9c70b5b32446503edef93af15b35de017
SHA256

ed42589c7cd48f2cd1bc3a62bfa8069c9307bd1e4a562e528ef2c355d4ef4886
SHA512

61b1d99c435fb78f2583b58617b3e579c7e3b040035ff62902aa5f24639121acac5254181f193297aefb1d19bd7b90f8ad7b7cfe90f5296a40915c1cbf5fe642
SSDEEP

12288:M2wRlGz1Tyg1+ZpOC29TeiAJ1X5RqEqAVtNtVOtrdnPNZ:M2wGzUgWpVOTeiAH+vALNHQBPN

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2196	2084	WerFault.exe	28

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2196	2084	fbd54774eb90f8exeexeexeex.exe	29
PID 2084 wrote to memory of 2196	2084	fbd54774eb90f8exeexeexeex.exe	29
PID 2084 wrote to memory of 2196	2084	fbd54774eb90f8exeexeexeex.exe	29
PID 2084 wrote to memory of 2196	2084	fbd54774eb90f8exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\fbd54774eb90f8exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\fbd54774eb90f8exeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 132
  2⤵
  - Program crash
  PID:2196