74ac9be0190417cff6f4337cc80d41b08a2ebe1d0f0d6f7d272f75c5c04b6f12

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
22/09/2023, 19:01

Target

74ac9be0190417cff6f4337cc80d41b08a2ebe1d0f0d6f7d272f75c5c04b6f12.exe
Size

1022KB
MD5

0f271e3b28d13fdc475b70fd6e7b77c5
SHA1

a486bf6c28ca60401d0bd00d1094e7da96001738
SHA256

74ac9be0190417cff6f4337cc80d41b08a2ebe1d0f0d6f7d272f75c5c04b6f12
SHA512

19cdc206979ba0f9b22fac1fadb82552caeac490f0c4873ed16ee0b0c1c29d61e13bd041af64aca4b9adfdf269a1078d1bdbf0488220c108330b077d23042cfd
SSDEEP

24576:cPxF2cy/k71bRJPWA+ywfYvxANWw2ItKXdNpdS:cPycyu1NFWA+6xAspdS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2804	1720	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2804	1720	74ac9be0190417cff6f4337cc80d41b08a2ebe1d0f0d6f7d272f75c5c04b6f12.exe	28
PID 1720 wrote to memory of 2804	1720	74ac9be0190417cff6f4337cc80d41b08a2ebe1d0f0d6f7d272f75c5c04b6f12.exe	28
PID 1720 wrote to memory of 2804	1720	74ac9be0190417cff6f4337cc80d41b08a2ebe1d0f0d6f7d272f75c5c04b6f12.exe	28
PID 1720 wrote to memory of 2804	1720	74ac9be0190417cff6f4337cc80d41b08a2ebe1d0f0d6f7d272f75c5c04b6f12.exe	28

C:\Users\Admin\AppData\Local\Temp\74ac9be0190417cff6f4337cc80d41b08a2ebe1d0f0d6f7d272f75c5c04b6f12.exe
"C:\Users\Admin\AppData\Local\Temp\74ac9be0190417cff6f4337cc80d41b08a2ebe1d0f0d6f7d272f75c5c04b6f12.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 220
  2⤵
  - Program crash
  PID:2804

memory/1720-0-0x0000000000400000-0x0000000000692600-memory.dmp

Filesize
2.6MB

Download
memory/1720-1-0x0000000000400000-0x0000000000692600-memory.dmp

Filesize
2.6MB

Download