06c5cc06fe8c6d2f568c2ea61802ec786b478ca79e102e0ce185d8f48adb8ea2

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
24-08-2023 16:10

Target

831246a536389a859ff97bae396f1917_mafia_JC.exe
Size

2.6MB
MD5

831246a536389a859ff97bae396f1917
SHA1

dfc789f89bff6531f7f00aff7c63af2acff1271e
SHA256

06c5cc06fe8c6d2f568c2ea61802ec786b478ca79e102e0ce185d8f48adb8ea2
SHA512

a9146172ed59eb16faaeefb81e58f1da5f856f3f0e6e004b7bbd75ed09cf6f3c8a51a9b6aba5959e96dccabaed4b101a7b496c9eaa564e8b546511e246256177
SSDEEP

49152:bkcJVFfs6MlomOqdfsQnRKjJsffk3mIqCng26kSRhCIFfrjwY8AZ/WOglj85W/Kt:b7JVYomPfssRKjJsHk3mIqig26ksCMwu

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2536	1780	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 2536	1780	831246a536389a859ff97bae396f1917_mafia_JC.exe	28
PID 1780 wrote to memory of 2536	1780	831246a536389a859ff97bae396f1917_mafia_JC.exe	28
PID 1780 wrote to memory of 2536	1780	831246a536389a859ff97bae396f1917_mafia_JC.exe	28
PID 1780 wrote to memory of 2536	1780	831246a536389a859ff97bae396f1917_mafia_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\831246a536389a859ff97bae396f1917_mafia_JC.exe
"C:\Users\Admin\AppData\Local\Temp\831246a536389a859ff97bae396f1917_mafia_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 220
  2⤵
  - Program crash
  PID:2536