faf860a503e3988eae118fcce67a6c37aa321bf9c6dd450e0fe641b8ca68a3e2

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/01/2024, 13:22

Target

SecuriteInfo.com.Variant.Zusy.347240.15070.63.exe
Size

172KB
MD5

28e8dc06ead687cbd4aa6f744afd7c9c
SHA1

8322e93b1c3ad29343b31c79332221d49dc14f04
SHA256

faf860a503e3988eae118fcce67a6c37aa321bf9c6dd450e0fe641b8ca68a3e2
SHA512

b0f6e5b77233b88c87a23279bc60a292ff72bdb327cbfde2c1f773741dd1c801ccf90df205d5472bb2ef236413fad261dec4e6f998d84dd95b707cb21e861afa
SSDEEP

1536:0RdABqleTN5wLLJ8ZGCyadWKPBgrNSpkQiZyKBAdpBWEPTcCdxkZPZ1oUwq:gdbeTNaLCwggr4FiHAnujoUwq

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2072	2460	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2072	2460	SecuriteInfo.com.Variant.Zusy.347240.15070.63.exe	28
PID 2460 wrote to memory of 2072	2460	SecuriteInfo.com.Variant.Zusy.347240.15070.63.exe	28
PID 2460 wrote to memory of 2072	2460	SecuriteInfo.com.Variant.Zusy.347240.15070.63.exe	28
PID 2460 wrote to memory of 2072	2460	SecuriteInfo.com.Variant.Zusy.347240.15070.63.exe	28

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Zusy.347240.15070.63.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Zusy.347240.15070.63.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 36
  2⤵
  - Program crash
  PID:2072