5ca8205a76e2d2336871ac71e6d5d107b82d2ca5b1d235a68671721f8293a21c

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
21/08/2023, 03:43

Target

MF Specification.exe
Size

740KB
MD5

3737442b166f000ee0704de1b87c539a
SHA1

2e3edd119d40eba82f2cb1b897ebaa0080926c79
SHA256

9042af9c61bc16031029a9b936d5a87b7ea6209c33ff868de2cf398348bc1928
SHA512

463db8509fbe01b635a9f0d007d8e0ae11e5bb3133cc710f995e6d0ecf7290382d6af7bbd6ef1eeec7eeb71a690e928e5e433f3175326c6f24646acb611dd9e5
SSDEEP

12288:GrVh+xGb/8kLX5j8WBy37m4t44ifgO5JWkWSZqtOsw2SO3kSQ08:gh18kFjL2JXizAsqIs3tE0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2936	1184	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 2936	1184	MF Specification.exe	30
PID 1184 wrote to memory of 2936	1184	MF Specification.exe	30
PID 1184 wrote to memory of 2936	1184	MF Specification.exe	30
PID 1184 wrote to memory of 2936	1184	MF Specification.exe	30

C:\Users\Admin\AppData\Local\Temp\MF Specification.exe
"C:\Users\Admin\AppData\Local\Temp\MF Specification.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 664
  2⤵
  - Program crash
  PID:2936

memory/1184-53-0x0000000000890000-0x0000000000950000-memory.dmp

Filesize
768KB

Download
memory/1184-54-0x0000000074C90000-0x000000007537E000-memory.dmp

Filesize
6.9MB

Download
memory/1184-55-0x0000000004D60000-0x0000000004DA0000-memory.dmp

Filesize
256KB

Download
memory/1184-56-0x0000000000500000-0x000000000051A000-memory.dmp

Filesize
104KB

Download
memory/1184-57-0x0000000074C90000-0x000000007537E000-memory.dmp

Filesize
6.9MB

Download
memory/1184-58-0x0000000004D60000-0x0000000004DA0000-memory.dmp

Filesize
256KB

Download
memory/1184-59-0x0000000000530000-0x000000000053E000-memory.dmp

Filesize
56KB

Download