c42034f0791dadcc7b933fff7b691daf12739f696b63a3ae1a58ff5f7ef987bf

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
14/11/2023, 03:20

Target

b89f5446656a69ecc7fb12d7d8f1ff6b5d0679b43d810dfdaad00e807783a471.exe
Size

1.2MB
MD5

dc8c2c5d397e7e966ba359f5c5618766
SHA1

2d5cf2942e9d5bcd5dd5e14189ce6124aa7acedd
SHA256

b89f5446656a69ecc7fb12d7d8f1ff6b5d0679b43d810dfdaad00e807783a471
SHA512

330b4de7c168ace3f69c5623d03ec74511e641628cef37988d59b9be91badefe898e623ba0a901e78d7004b4613fa52ed838b67a8421aec7e60151e9988bca38
SSDEEP

6144:YQDVsWNAxnblJZG0v2XnKHGMc7G1lGoVC/QC//Uc8h8+tcakU0/za8fmkCatA6K8:YQ5sWqbzZxm9Q1lGoIiZltnk1e8f/de

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2964	2616	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 2964	2616	b89f5446656a69ecc7fb12d7d8f1ff6b5d0679b43d810dfdaad00e807783a471.exe	28
PID 2616 wrote to memory of 2964	2616	b89f5446656a69ecc7fb12d7d8f1ff6b5d0679b43d810dfdaad00e807783a471.exe	28
PID 2616 wrote to memory of 2964	2616	b89f5446656a69ecc7fb12d7d8f1ff6b5d0679b43d810dfdaad00e807783a471.exe	28
PID 2616 wrote to memory of 2964	2616	b89f5446656a69ecc7fb12d7d8f1ff6b5d0679b43d810dfdaad00e807783a471.exe	28

C:\Users\Admin\AppData\Local\Temp\b89f5446656a69ecc7fb12d7d8f1ff6b5d0679b43d810dfdaad00e807783a471.exe
"C:\Users\Admin\AppData\Local\Temp\b89f5446656a69ecc7fb12d7d8f1ff6b5d0679b43d810dfdaad00e807783a471.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 36
  2⤵
  - Program crash
  PID:2964