0f0b4d2dc4229e967b490e60929f3a55dfb874fbfb7aec855971a99e478ccfa0

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
19/11/2023, 20:44

Target

b2e09b439d7b6af1c30f4d626d29ad458476bb12739164f2650752445ce0e210.exe
Size

2.2MB
MD5

3394aa9dfb48e470547e7f8628375edc
SHA1

61a0e1e57a660aebdb36db1a27af1455370d6510
SHA256

b2e09b439d7b6af1c30f4d626d29ad458476bb12739164f2650752445ce0e210
SHA512

6faf184af17608b71fd5bc5a4a0d50b3649d53647acea4aee52a18696fdc77aa8c85bed55281e27dbb395eefcf2db7a92b5be5b7389f69d9d517c11338a62fcc
SSDEEP

49152:ZqCY2nf4AUBeTNQqw/H2a2fidVEtMoo9SSwMKJrEmzuZWj7T:Exqf1pdw/bD8OkXcE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2728	1232	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1232 wrote to memory of 2728	1232	b2e09b439d7b6af1c30f4d626d29ad458476bb12739164f2650752445ce0e210.exe	28
PID 1232 wrote to memory of 2728	1232	b2e09b439d7b6af1c30f4d626d29ad458476bb12739164f2650752445ce0e210.exe	28
PID 1232 wrote to memory of 2728	1232	b2e09b439d7b6af1c30f4d626d29ad458476bb12739164f2650752445ce0e210.exe	28
PID 1232 wrote to memory of 2728	1232	b2e09b439d7b6af1c30f4d626d29ad458476bb12739164f2650752445ce0e210.exe	28

C:\Users\Admin\AppData\Local\Temp\b2e09b439d7b6af1c30f4d626d29ad458476bb12739164f2650752445ce0e210.exe
"C:\Users\Admin\AppData\Local\Temp\b2e09b439d7b6af1c30f4d626d29ad458476bb12739164f2650752445ce0e210.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1232
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 564
  2⤵
  - Program crash
  PID:2728

memory/1232-0-0x0000000001060000-0x00000000012A0000-memory.dmp

Filesize
2.2MB

Download
memory/1232-1-0x00000000749F0000-0x00000000750DE000-memory.dmp

Filesize
6.9MB

Download
memory/1232-2-0x0000000004F70000-0x0000000004FB0000-memory.dmp

Filesize
256KB

Download
memory/1232-3-0x00000000749F0000-0x00000000750DE000-memory.dmp

Filesize
6.9MB

Download
memory/1232-4-0x0000000004F70000-0x0000000004FB0000-memory.dmp

Filesize
256KB

Download