447a1ac7f2b75cc2a22729cc66aebcf429107c76bd93af175c2536148a95b176

Analysis

max time kernel
142s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 08:43

Target

406688b6ba5f25a00ea2798b797046a3.exe
Size

454KB
MD5

406688b6ba5f25a00ea2798b797046a3
SHA1

ba062f6c7d9630ba3bfd5d5a0a12a6b0906aa93d
SHA256

447a1ac7f2b75cc2a22729cc66aebcf429107c76bd93af175c2536148a95b176
SHA512

b5a2fd651e3258b4e623dbf1eb0f221051af08fef8dc7d87c192b176313d746c9a8304f43c203c835ec838fed111716c463bca0840329ab56c9adbccde312171
SSDEEP

12288:+dxYXrekrbSZXLQ2ZhOY9U+9UzZlN7NcH5yF0W1buwoHnL6eSoXArhvkN:jbeC0LVZlzELB05o0W1doHL6eSoKE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
532	2208	WerFault.exe	27

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 532	2208	406688b6ba5f25a00ea2798b797046a3.exe	28
PID 2208 wrote to memory of 532	2208	406688b6ba5f25a00ea2798b797046a3.exe	28
PID 2208 wrote to memory of 532	2208	406688b6ba5f25a00ea2798b797046a3.exe	28
PID 2208 wrote to memory of 532	2208	406688b6ba5f25a00ea2798b797046a3.exe	28
PID 2208 wrote to memory of 532	2208	406688b6ba5f25a00ea2798b797046a3.exe	28
PID 2208 wrote to memory of 532	2208	406688b6ba5f25a00ea2798b797046a3.exe	28
PID 2208 wrote to memory of 532	2208	406688b6ba5f25a00ea2798b797046a3.exe	28

C:\Users\Admin\AppData\Local\Temp\406688b6ba5f25a00ea2798b797046a3.exe
"C:\Users\Admin\AppData\Local\Temp\406688b6ba5f25a00ea2798b797046a3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 268
  2⤵
  - Program crash
  PID:532

memory/2208-0-0x0000000001000000-0x0000000001076000-memory.dmp

Filesize
472KB

Download