850ce005298ab95b563a50c0b95618d97bc4696e3fffddf12b06c25bf933bfb0

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
19/07/2023, 08:16

Target

Transferencia.exe
Size

624KB
MD5

6c69b1778096564e9926f9cab8600031
SHA1

39592861740092bbfe0bcb632b0bc55fbde58ab1
SHA256

850ce005298ab95b563a50c0b95618d97bc4696e3fffddf12b06c25bf933bfb0
SHA512

ad501fd2ccf52740dc0c64bef085551f840f926b2f721923016ad0021420d541de2ec4f2298a1ef99715834aa13bf55717c3849f1c48f6da156d95e8c90ff5e4
SSDEEP

12288:hPYPfY7fsbKjfK9yK2kVM7Ta/UO42LMW2lNDCxNZP:hPYPgwbKjGyK2j6UqMWENDk

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2940	2380	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2940	2380	Transferencia.exe	30
PID 2380 wrote to memory of 2940	2380	Transferencia.exe	30
PID 2380 wrote to memory of 2940	2380	Transferencia.exe	30
PID 2380 wrote to memory of 2940	2380	Transferencia.exe	30

C:\Users\Admin\AppData\Local\Temp\Transferencia.exe
"C:\Users\Admin\AppData\Local\Temp\Transferencia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 656
  2⤵
  - Program crash
  PID:2940

memory/2380-54-0x00000000001C0000-0x0000000000260000-memory.dmp

Filesize
640KB

Download
memory/2380-55-0x00000000743F0000-0x0000000074ADE000-memory.dmp

Filesize
6.9MB

Download
memory/2380-56-0x0000000004D50000-0x0000000004D90000-memory.dmp

Filesize
256KB

Download
memory/2380-57-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2380-58-0x00000000743F0000-0x0000000074ADE000-memory.dmp

Filesize
6.9MB

Download
memory/2380-59-0x0000000004D50000-0x0000000004D90000-memory.dmp

Filesize
256KB

Download
memory/2380-60-0x00000000005C0000-0x00000000005CA000-memory.dmp

Filesize
40KB

Download