357f0cd039351b88b6a46428a709a1b3711ebca87f50eeef833bcf75243d17d4

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
14-07-2023 16:35

Target

2d9f575e0ff355exeexe_JC.exe
Size

362KB
MD5

2d9f575e0ff3555eea886e383fbe29ff
SHA1

682f625a2d29aa10c3db38bc276254e11f0100f4
SHA256

357f0cd039351b88b6a46428a709a1b3711ebca87f50eeef833bcf75243d17d4
SHA512

edc2927832014e908a82d499160e7cb09f48dee672fc2f06b02fbc5c566158711b47ff2fb1419b7a2e4455899fea56f56fc759f5fc8b6180766785f796879581
SSDEEP

6144:rjkHB+phBenZusBrAnPmOXG5NCv99DFl5UO2AnSUGgqCj16izzl:roh+phBenZVBAnP1XMCv99DFTUOwK1Hl

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1980	2692	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 1980	2692	2d9f575e0ff355exeexe_JC.exe	28
PID 2692 wrote to memory of 1980	2692	2d9f575e0ff355exeexe_JC.exe	28
PID 2692 wrote to memory of 1980	2692	2d9f575e0ff355exeexe_JC.exe	28
PID 2692 wrote to memory of 1980	2692	2d9f575e0ff355exeexe_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\2d9f575e0ff355exeexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2d9f575e0ff355exeexe_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 120
  2⤵
  - Program crash
  PID:1980

memory/2692-54-0x0000000000870000-0x00000000008B3000-memory.dmp

Filesize
268KB

Download
memory/2692-55-0x0000000000870000-0x00000000008B3000-memory.dmp

Filesize
268KB

Download