4fbaf0b5eaff288d5c1e01de43a00c40ae600dbd2129e9dc0a36e51643ddf6f6

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04-01-2024 22:55

Target

422185bd865cee38150aec032c195149.exe
Size

6KB
MD5

422185bd865cee38150aec032c195149
SHA1

bf9c5721deaeb6c3a3d9114789d8340f1ef9568e
SHA256

4fbaf0b5eaff288d5c1e01de43a00c40ae600dbd2129e9dc0a36e51643ddf6f6
SHA512

e10d37caac748c1c0c98ea48bb008806cf228a2165b4fc6637eea88c34384d134c6c93890061490c85013a0df2cbc813392b3c2bc2135edcc7d6e45a7b541691
SSDEEP

96:loe+Phh0+pYrN+EYjHB9cgQuwt4mPLognYD5KV+rxz6QBWAO:UpYglBKgQ7mQOlo+YyO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2868	3012	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2868	3012	422185bd865cee38150aec032c195149.exe	16
PID 3012 wrote to memory of 2868	3012	422185bd865cee38150aec032c195149.exe	16
PID 3012 wrote to memory of 2868	3012	422185bd865cee38150aec032c195149.exe	16
PID 3012 wrote to memory of 2868	3012	422185bd865cee38150aec032c195149.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 36
1⤵
- Program crash
PID:2868

C:\Users\Admin\AppData\Local\Temp\422185bd865cee38150aec032c195149.exe
"C:\Users\Admin\AppData\Local\Temp\422185bd865cee38150aec032c195149.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3012