541a58b5295a0013cefc55bf1eaead5b22938f0b6c1fae361bd6a389120986b1

Analysis

max time kernel
263s
max time network
318s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13-10-2023 16:46

Target

JAAESPET.exe
Size

732KB
MD5

46aa3b4ff64a6ae174cbe469190ec1ae
SHA1

969d24c2d8e00dc58947043621cc48de298fc346
SHA256

68244f7b16e355e88f752ab26bd7290c019fad11d862754e9b5789ca15c263f1
SHA512

c8370112e30dea1726eb6bcc129547fc477d97b75b4a5148fe4d74f6fb82d747e13f04c12f0bb7c2d7f9679e1fed36a29fe69dbe60bae13096f45102eee078b0
SSDEEP

12288:3cQ2iN1Bdc8YY4HmfsF5aBgvBHf8Qx1u+nCB7U8T27mI5s15/tnKO2b5zBp:3cQ1nM8YYCqgvNnuEC727DwDyF

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2556	1636	WerFault.exe	7

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2556	1636	JAAESPET.exe	27
PID 1636 wrote to memory of 2556	1636	JAAESPET.exe	27
PID 1636 wrote to memory of 2556	1636	JAAESPET.exe	27
PID 1636 wrote to memory of 2556	1636	JAAESPET.exe	27

C:\Users\Admin\AppData\Local\Temp\JAAESPET.exe
"C:\Users\Admin\AppData\Local\Temp\JAAESPET.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 668
  2⤵
  - Program crash
  PID:2556

memory/1636-0-0x0000000000150000-0x000000000020C000-memory.dmp

Filesize
752KB

Download
memory/1636-1-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download
memory/1636-2-0x0000000004CF0000-0x0000000004D30000-memory.dmp

Filesize
256KB

Download
memory/1636-3-0x00000000003F0000-0x0000000000402000-memory.dmp

Filesize
72KB

Download
memory/1636-4-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download
memory/1636-5-0x0000000004CF0000-0x0000000004D30000-memory.dmp

Filesize
256KB

Download
memory/1636-6-0x0000000000420000-0x0000000000430000-memory.dmp

Filesize
64KB

Download