2260dc2fb430c4ae4d3e1f3cfac33eb004e1195d4c9a52e18485ddec6468fca8

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
27-08-2023 17:42

Target

b732919649a7ce48ee14e4d36ed6f832_mafia_JC.exe
Size

839KB
MD5

b732919649a7ce48ee14e4d36ed6f832
SHA1

ba364a19aa7c72c46645fac115c0019f2aee1459
SHA256

2260dc2fb430c4ae4d3e1f3cfac33eb004e1195d4c9a52e18485ddec6468fca8
SHA512

d64ce851d6f3aecde49d5dbcb16bde7766237dddc398f9d0cabf30d9813135e5e945787c72af33c43852a52af80ddf4ac6da9423adcf74ec24731cd89c4f860a
SSDEEP

24576:EiPiZsx2Vm+Vv+gbf2EB66wko86Zln49jClWLggE9rEUsA:/PiYC3PAk96Pn49BknEVA

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2144	1864	WerFault.exe	21

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 2144	1864	b732919649a7ce48ee14e4d36ed6f832_mafia_JC.exe	28
PID 1864 wrote to memory of 2144	1864	b732919649a7ce48ee14e4d36ed6f832_mafia_JC.exe	28
PID 1864 wrote to memory of 2144	1864	b732919649a7ce48ee14e4d36ed6f832_mafia_JC.exe	28
PID 1864 wrote to memory of 2144	1864	b732919649a7ce48ee14e4d36ed6f832_mafia_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\b732919649a7ce48ee14e4d36ed6f832_mafia_JC.exe
"C:\Users\Admin\AppData\Local\Temp\b732919649a7ce48ee14e4d36ed6f832_mafia_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 36
  2⤵
  - Program crash
  PID:2144

memory/1864-2-0x00000000016B0000-0x0000000001790060-memory.dmp

Filesize
896KB

Download
memory/1864-1-0x00000000016B0000-0x0000000001790060-memory.dmp

Filesize
896KB

Download
memory/1864-0-0x00000000016B0000-0x0000000001790060-memory.dmp

Filesize
896KB

Download
memory/1864-3-0x00000000016B0000-0x0000000001790060-memory.dmp

Filesize
896KB

Download
memory/1864-4-0x00000000016B0000-0x0000000001790060-memory.dmp

Filesize
896KB

Download