21c9f57d98fb0df03afe61d35256a95923252846d8d20b6c4409f288a0b434fd

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 23:17

Target

44af416d357139a4f9f5f1f5ea48eaa6.exe
Size

40KB
MD5

44af416d357139a4f9f5f1f5ea48eaa6
SHA1

b323027e4cbfdd4dce84d3b188561e2ba5c8e1fc
SHA256

21c9f57d98fb0df03afe61d35256a95923252846d8d20b6c4409f288a0b434fd
SHA512

732fb62786913a4bbf8cacbc98111fa9e3b27f6955a14cb7bd8e5b6a86c4a9111c585561f6e8d26d1fc1357b3f8230d5c67e898365b905673c43fda53cac2eae
SSDEEP

768:PB2JGYVNfV6vrFDPwp2Gt7YHN0m5vcdXwPXDzHvzExAPOE/3MwVrJ7H8oWXRrK:p2oAfIrJwp2Gium5vcxwPzzvzEx6L/Fb

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
1792	1520	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 1792	1520	44af416d357139a4f9f5f1f5ea48eaa6.exe	16
PID 1520 wrote to memory of 1792	1520	44af416d357139a4f9f5f1f5ea48eaa6.exe	16
PID 1520 wrote to memory of 1792	1520	44af416d357139a4f9f5f1f5ea48eaa6.exe	16
PID 1520 wrote to memory of 1792	1520	44af416d357139a4f9f5f1f5ea48eaa6.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 44
1⤵
- Program crash
PID:1792

C:\Users\Admin\AppData\Local\Temp\44af416d357139a4f9f5f1f5ea48eaa6.exe
"C:\Users\Admin\AppData\Local\Temp\44af416d357139a4f9f5f1f5ea48eaa6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1520

memory/1520-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1520-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1520-2-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download