0bc479e622fcc1b685181eabd7d45a96311e74fa88b60fc60242ba9d960e64a9

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 14:28

Target

411ab4b739c6afc37afe95ff039f327e.exe
Size

51KB
MD5

411ab4b739c6afc37afe95ff039f327e
SHA1

543b87c05d2d97cc624aa7f58ad2343a0507ca98
SHA256

0bc479e622fcc1b685181eabd7d45a96311e74fa88b60fc60242ba9d960e64a9
SHA512

436fbe9b1edc96ebc538916ad0e650abf2a37c476dfc7cf9393c7684618d707eb481ce72b1d05240004bbd13a29cdd164a7ff544b3df39dff6648cbb74da450b
SSDEEP

768:ZgEQt4biL5cpPyRMUeuNekdYCSi6PsmZmkE3hB0SK3Zf+pX:ZgEQtcpPyOUhU/CSRZE3hOSIZfw

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1772	2068	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 1772	2068	411ab4b739c6afc37afe95ff039f327e.exe	28
PID 2068 wrote to memory of 1772	2068	411ab4b739c6afc37afe95ff039f327e.exe	28
PID 2068 wrote to memory of 1772	2068	411ab4b739c6afc37afe95ff039f327e.exe	28
PID 2068 wrote to memory of 1772	2068	411ab4b739c6afc37afe95ff039f327e.exe	28

C:\Users\Admin\AppData\Local\Temp\411ab4b739c6afc37afe95ff039f327e.exe
"C:\Users\Admin\AppData\Local\Temp\411ab4b739c6afc37afe95ff039f327e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 88
  2⤵
  - Program crash
  PID:1772