d5a557d08e0e3e035cce9ab05a9e350773740fda6f0fbe80a4aa8371f073d51d

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
16-07-2023 21:26

Target

Server Crasher/Gtag Server Crasher/ServerCrasher.exe
Size

78KB
MD5

5cf22ad7c4d3ab44ba72fd6642aa643a
SHA1

31601a86aadbc370be0b3fa92f583b56ec20381d
SHA256

2fa42459e3f9fcc0d84bbfbef1ac65b8f2c2c16d2b7b3d7f3a30d5c9b93d6e35
SHA512

2c38548b000b119a104e97dfdc478e24596f96b5a57e8295b7eff2a3bffda5ef6db48b0f95692f339b4e722b27f6dfb62c8ad71ea36d8f4a1e57509a611282e7
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+7PIC:5Zv5PDwbjNrmAE+zIC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2572	2160	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2572	2160	ServerCrasher.exe	28
PID 2160 wrote to memory of 2572	2160	ServerCrasher.exe	28
PID 2160 wrote to memory of 2572	2160	ServerCrasher.exe	28

C:\Users\Admin\AppData\Local\Temp\Server Crasher\Gtag Server Crasher\ServerCrasher.exe
"C:\Users\Admin\AppData\Local\Temp\Server Crasher\Gtag Server Crasher\ServerCrasher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2160 -s 600
  2⤵
  - Program crash
  PID:2572

memory/2160-53-0x000000013F770000-0x000000013F788000-memory.dmp

Filesize
96KB

Download
memory/2160-54-0x000007FEF5580000-0x000007FEF5F6C000-memory.dmp

Filesize
9.9MB

Download
memory/2160-55-0x000000001B870000-0x000000001B8F0000-memory.dmp

Filesize
512KB

Download
memory/2160-56-0x000007FEF5580000-0x000007FEF5F6C000-memory.dmp

Filesize
9.9MB

Download