98c56bd408475c605c7b5147cff125773790542716484bd34835fca6fc9eca2d

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 06:50

Target

5abc2dab3cc1a06a3e9b25a44df91cdc.exe
Size

371KB
MD5

5abc2dab3cc1a06a3e9b25a44df91cdc
SHA1

9abb7e672049b023bcc978657319210df9e5ea22
SHA256

98c56bd408475c605c7b5147cff125773790542716484bd34835fca6fc9eca2d
SHA512

f3bb27df4cadd214cf52b1c2b685437e434700085099f904d3b3891a3c29273a52328fe7611c4f93b027d0c0ee24d5a7b34a21d0bd3b5c74739cbd3c75ada559
SSDEEP

6144:SS0UVGs2N+SPvTBMO/+6V7qXGlKopAcRVLyJB35Smm7l9EuiBaLD:sUVGs2TjWu91zlhpRRVev5SmruiBa

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\spudscv.exe	5abc2dab3cc1a06a3e9b25a44df91cdc.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2612	2500	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 2612	2500	5abc2dab3cc1a06a3e9b25a44df91cdc.exe	31
PID 2500 wrote to memory of 2612	2500	5abc2dab3cc1a06a3e9b25a44df91cdc.exe	31
PID 2500 wrote to memory of 2612	2500	5abc2dab3cc1a06a3e9b25a44df91cdc.exe	31
PID 2500 wrote to memory of 2612	2500	5abc2dab3cc1a06a3e9b25a44df91cdc.exe	31

C:\Users\Admin\AppData\Local\Temp\5abc2dab3cc1a06a3e9b25a44df91cdc.exe
"C:\Users\Admin\AppData\Local\Temp\5abc2dab3cc1a06a3e9b25a44df91cdc.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 284
  2⤵
  - Program crash
  PID:2612

memory/2500-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2500-1-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2500-3-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2500-6-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download