591101ef4316373b7704eb5a0317b564749ba4436b8c1ad244f8d2fa6be60a43

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/01/2024, 09:22

Target

591101ef4316373b7704eb5a0317b564749ba4436b8c1ad244f8d2fa6be60a43.exe
Size

1018KB
MD5

aca220b6a9f58d8e40e01a90245765f6
SHA1

a5d6ef5de2fc8179747c49f28707ed3f7775774f
SHA256

591101ef4316373b7704eb5a0317b564749ba4436b8c1ad244f8d2fa6be60a43
SHA512

099fcfa8d052e08908e4195a03c1761e17cbec5dc494b22cd1cb3b1680aefb053455abe9a09125f6d2f89d873ba721722a321aa07d27460636630ed72dd0151c
SSDEEP

24576:HQF4rmQdhZjUg9QGkaC3jgZhmZZ/Xkf4eMdw5T:eIqQvWjShmZZ/XG4eMK5T

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2808	2608	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 2808	2608	591101ef4316373b7704eb5a0317b564749ba4436b8c1ad244f8d2fa6be60a43.exe	28
PID 2608 wrote to memory of 2808	2608	591101ef4316373b7704eb5a0317b564749ba4436b8c1ad244f8d2fa6be60a43.exe	28
PID 2608 wrote to memory of 2808	2608	591101ef4316373b7704eb5a0317b564749ba4436b8c1ad244f8d2fa6be60a43.exe	28
PID 2608 wrote to memory of 2808	2608	591101ef4316373b7704eb5a0317b564749ba4436b8c1ad244f8d2fa6be60a43.exe	28

C:\Users\Admin\AppData\Local\Temp\591101ef4316373b7704eb5a0317b564749ba4436b8c1ad244f8d2fa6be60a43.exe
"C:\Users\Admin\AppData\Local\Temp\591101ef4316373b7704eb5a0317b564749ba4436b8c1ad244f8d2fa6be60a43.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 36
  2⤵
  - Program crash
  PID:2808

memory/2608-0-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download
memory/2608-1-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download