fc93bb44312b22714ae0642ae429eca34ff37627eb3a0330bb51c18664a0e1ca

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
12/12/2023, 15:26

Target

fc93bb44312b22714ae0642ae429eca34ff37627eb3a0330bb51c18664a0e1ca.exe
Size

350KB
MD5

2530a32f29b149e9db7dae318832361c
SHA1

b3484546f516f60af5ef8f2481ed88e6bd6a0c71
SHA256

fc93bb44312b22714ae0642ae429eca34ff37627eb3a0330bb51c18664a0e1ca
SHA512

fa0915cf828ab88f1577c34c1c05b66c1d321ce0ba8203d08bc9c8aeda6294b145177cd22713577a85b902eded149e18dcdb7ce3e4cce0a2e9642532d19e17a4
SSDEEP

3072:d002lZLvDUYr+ARkSFOXNCEScFIQIzsvcF/9Fg4cGFWc4kCptOGR61Jj3LZFmeGY:mHjTauFOmcFY9Fg/8Gt1uVq1rXto6C5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2580	1680	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 2580	1680	fc93bb44312b22714ae0642ae429eca34ff37627eb3a0330bb51c18664a0e1ca.exe	32
PID 1680 wrote to memory of 2580	1680	fc93bb44312b22714ae0642ae429eca34ff37627eb3a0330bb51c18664a0e1ca.exe	32
PID 1680 wrote to memory of 2580	1680	fc93bb44312b22714ae0642ae429eca34ff37627eb3a0330bb51c18664a0e1ca.exe	32
PID 1680 wrote to memory of 2580	1680	fc93bb44312b22714ae0642ae429eca34ff37627eb3a0330bb51c18664a0e1ca.exe	32

C:\Users\Admin\AppData\Local\Temp\fc93bb44312b22714ae0642ae429eca34ff37627eb3a0330bb51c18664a0e1ca.exe
"C:\Users\Admin\AppData\Local\Temp\fc93bb44312b22714ae0642ae429eca34ff37627eb3a0330bb51c18664a0e1ca.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 616
  2⤵
  - Program crash
  PID:2580

memory/1680-0-0x0000000000250000-0x000000000027B000-memory.dmp

Filesize
172KB

Download