b59f53bc203b214cda7dff4ce49608c6c870d824b657f89647432e7d61fa0ac3

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
29-08-2023 19:40

Target

dcafbda407c8c7dd34e1b4f39e66f689_stop_JC.exe
Size

1.1MB
MD5

dcafbda407c8c7dd34e1b4f39e66f689
SHA1

514f7b1f4c25e9e62c00220e0e8668b11493c758
SHA256

b59f53bc203b214cda7dff4ce49608c6c870d824b657f89647432e7d61fa0ac3
SHA512

d07b01f09d6c20997071ab76d024e9c11e3b3e358dc5f8e60e91adedd2c4c58099e493aa2c3ab86a668a5d9459bdb525e6702013d7f31a4b9805a95726a051ab
SSDEEP

24576:ZBUIKn/vwOXGUXAjCymYZiVtElVIBT2roqnTSSxWeT/gRPOO8nZHUq7:F0dwAYZt6C31WeToRPOhnlUq7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1820	1336	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 1820	1336	dcafbda407c8c7dd34e1b4f39e66f689_stop_JC.exe	28
PID 1336 wrote to memory of 1820	1336	dcafbda407c8c7dd34e1b4f39e66f689_stop_JC.exe	28
PID 1336 wrote to memory of 1820	1336	dcafbda407c8c7dd34e1b4f39e66f689_stop_JC.exe	28
PID 1336 wrote to memory of 1820	1336	dcafbda407c8c7dd34e1b4f39e66f689_stop_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\dcafbda407c8c7dd34e1b4f39e66f689_stop_JC.exe
"C:\Users\Admin\AppData\Local\Temp\dcafbda407c8c7dd34e1b4f39e66f689_stop_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 192
  2⤵
  - Program crash
  PID:1820