c6f7fe36da2b36e04f7b1405006602643774e544b94ec14080de52281692129b

Analysis

max time kernel
144s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 15:54

Target

7a9a24b9d1c52c5620e6d2f012a0fd74.exe
Size

416KB
MD5

7a9a24b9d1c52c5620e6d2f012a0fd74
SHA1

67a2007966c5fa00f153982343ab6c169114b2fb
SHA256

c6f7fe36da2b36e04f7b1405006602643774e544b94ec14080de52281692129b
SHA512

5e7ccdbc8baf37abc6ff3e1d72ac1ad7645eeeee44581c1327e72621a9efa318baa750b38bb711a83ecc0d9e51d25390142a52806eb5f34d92ea56aa3408a148
SSDEEP

6144:bkqbvaFG43aDn8dlHSKaEc/34svsJMiS0cdUeLpDebYSuyOB:bbvq/aDn8dl1c/uJMfLLsbduf

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3944	1876	WerFault.exe	87
216	1876	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 3944	1876	7a9a24b9d1c52c5620e6d2f012a0fd74.exe	92
PID 1876 wrote to memory of 3944	1876	7a9a24b9d1c52c5620e6d2f012a0fd74.exe	92
PID 1876 wrote to memory of 3944	1876	7a9a24b9d1c52c5620e6d2f012a0fd74.exe	92

C:\Users\Admin\AppData\Local\Temp\7a9a24b9d1c52c5620e6d2f012a0fd74.exe
"C:\Users\Admin\AppData\Local\Temp\7a9a24b9d1c52c5620e6d2f012a0fd74.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 264
  2⤵
  - Program crash
  PID:3944
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 264
  2⤵
  - Program crash
  PID:216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1876 -ip 1876
1⤵
PID:3928