b6f07b31fd44388ccf8428c2187d8f603ba952c9cdf66549428c48bcf1944546

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
24-07-2023 12:32

Target

2023-07-13_845157c5f9f1869e31237e34f37e3db8_stop.exe
Size

1.1MB
MD5

845157c5f9f1869e31237e34f37e3db8
SHA1

8380c7fcc1bf895a0fa8ca9f26518bbefcf100bc
SHA256

b6f07b31fd44388ccf8428c2187d8f603ba952c9cdf66549428c48bcf1944546
SHA512

b84f7aaf2961fb853358729d0fa2044473afd0f7444b180f078875b493cf70b7c718692c7a78b726eecabbc11ab807889b90c6e7b094f5baa8517411bc5044c7
SSDEEP

24576:ZBUIKn/vwOXGUXAjCymYZiVtElVIBT2roqnTSSxWeT/QRPOO8RrHUq7:F0dwAYZt6C31WeToRPOhRjUq7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2760	2964	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2760	2964	2023-07-13_845157c5f9f1869e31237e34f37e3db8_stop.exe	28
PID 2964 wrote to memory of 2760	2964	2023-07-13_845157c5f9f1869e31237e34f37e3db8_stop.exe	28
PID 2964 wrote to memory of 2760	2964	2023-07-13_845157c5f9f1869e31237e34f37e3db8_stop.exe	28
PID 2964 wrote to memory of 2760	2964	2023-07-13_845157c5f9f1869e31237e34f37e3db8_stop.exe	28

C:\Users\Admin\AppData\Local\Temp\2023-07-13_845157c5f9f1869e31237e34f37e3db8_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2023-07-13_845157c5f9f1869e31237e34f37e3db8_stop.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 192
  2⤵
  - Program crash
  PID:2760