05df234872ddfd54856b977b70950d4cf4df3e063a29754a5972f0489ea1a529

Analysis

max time kernel
140s
max time network
127s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 17:34

Target

4407299e7200e7019072d1ce75d39576.exe
Size

91KB
MD5

4407299e7200e7019072d1ce75d39576
SHA1

949eaba1c9bf488e775df42b9300450a211ef43c
SHA256

05df234872ddfd54856b977b70950d4cf4df3e063a29754a5972f0489ea1a529
SHA512

17760e91a6d45e824cad639d6336eff3e12f7160157a22c16127ebd27871597412f70d53f7bc0d61760df00307cf91f5223f41cb930344dc9921ad600cb89183
SSDEEP

1536:TwvS0J8nQiuHWpQhTFqDAPuRSnfTMDJXF+QxFwoLks4s7jCMhFXFYFo4Gt820hQr:UvjEvuHWpiUAPuR+LMDPFwo4sPjFXFCU

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2148	3052	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 2148	3052	4407299e7200e7019072d1ce75d39576.exe	28
PID 3052 wrote to memory of 2148	3052	4407299e7200e7019072d1ce75d39576.exe	28
PID 3052 wrote to memory of 2148	3052	4407299e7200e7019072d1ce75d39576.exe	28
PID 3052 wrote to memory of 2148	3052	4407299e7200e7019072d1ce75d39576.exe	28

C:\Users\Admin\AppData\Local\Temp\4407299e7200e7019072d1ce75d39576.exe
"C:\Users\Admin\AppData\Local\Temp\4407299e7200e7019072d1ce75d39576.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 148
  2⤵
  - Program crash
  PID:2148

memory/3052-0-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download