df2604898f1cf4e99ef89473d177bc42464a6196fadfb94a3d173dc0006580e0

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
24-07-2023 07:16

Target

FitsPO.exe
Size

940KB
MD5

8c88b77fa4686a526236337b2555d3a0
SHA1

f9f7c665a7a7d1a80198f3abd76c7dcfcd4e6eea
SHA256

df2604898f1cf4e99ef89473d177bc42464a6196fadfb94a3d173dc0006580e0
SHA512

a8553c04c643560868d7ddcf95ce02f0557e5c6e70e73779b9dc140faa7b3e61d0f60c127303c4416abafbf0b9071bce79ef393b147f23c2ef2c4b67770786bf
SSDEEP

12288:TT5L89fGQTMWdVNLBrhEP58IBeetWMkgHpFXPZe7zx652CN/puQi/c4Ag2vw6VsW:TTOeQTMWd5rhUP/i/c4AHvwTI7aUES

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2836	2188	WerFault.exe	18

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2836	2188	FitsPO.exe	28
PID 2188 wrote to memory of 2836	2188	FitsPO.exe	28
PID 2188 wrote to memory of 2836	2188	FitsPO.exe	28
PID 2188 wrote to memory of 2836	2188	FitsPO.exe	28

C:\Users\Admin\AppData\Local\Temp\FitsPO.exe
"C:\Users\Admin\AppData\Local\Temp\FitsPO.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 848
  2⤵
  - Program crash
  PID:2836

memory/2188-53-0x0000000000D60000-0x0000000000E52000-memory.dmp

Filesize
968KB

Download
memory/2188-54-0x00000000747F0000-0x0000000074EDE000-memory.dmp

Filesize
6.9MB

Download
memory/2188-55-0x0000000004E50000-0x0000000004E90000-memory.dmp

Filesize
256KB

Download
memory/2188-56-0x00000000003B0000-0x00000000003CE000-memory.dmp

Filesize
120KB

Download
memory/2188-58-0x00000000747F0000-0x0000000074EDE000-memory.dmp

Filesize
6.9MB

Download