527aa157df6510894b5354c007c07ecab45bd76353789ea73e05ce9bf5481707

Analysis

max time kernel
121s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 02:49

Target

251eaca00b090a4ae54db5ccdc14430b.exe
Size

293KB
MD5

251eaca00b090a4ae54db5ccdc14430b
SHA1

10f1d41612afa36e0508ecfac2f7cdfdb88d5b00
SHA256

527aa157df6510894b5354c007c07ecab45bd76353789ea73e05ce9bf5481707
SHA512

796fc6b1f94381caa848cb28ae79fc89f29fc2d8c515b7eb66017f6d16cd0cec2bc8376e6380de461519cf1980ae12485a0e87dca0555eb0d7823879a7efd90f
SSDEEP

6144:/PdMcMANEVzGlcEDUl4qaRYVQfJTGbusJRhgnGXcVD7Xm2BeddhMH5VkE:tNEh8cSLqdAsisDhgnGWBBedDMZVh

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2792 2692 WerFault.exe 251eaca00b090a4ae54db5ccdc14430b.exe

pid	pid_target	process	target process
2792	2692	WerFault.exe	251eaca00b090a4ae54db5ccdc14430b.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

251eaca00b090a4ae54db5ccdc14430b.exe

description	pid	process	target process
PID 2692 wrote to memory of 2792	2692	251eaca00b090a4ae54db5ccdc14430b.exe	WerFault.exe
PID 2692 wrote to memory of 2792	2692	251eaca00b090a4ae54db5ccdc14430b.exe	WerFault.exe
PID 2692 wrote to memory of 2792	2692	251eaca00b090a4ae54db5ccdc14430b.exe	WerFault.exe
PID 2692 wrote to memory of 2792	2692	251eaca00b090a4ae54db5ccdc14430b.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\251eaca00b090a4ae54db5ccdc14430b.exe
"C:\Users\Admin\AppData\Local\Temp\251eaca00b090a4ae54db5ccdc14430b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 140
2⤵
- Program crash
PID:2792