b8fd73dea91a099a893a08d727ca03ed28027bf10a1a2220eacb9cf8f78798d7

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
06-01-2024 16:34

Target

46b241cefd97b6bdba5d708bc4357208.exe
Size

349KB
MD5

46b241cefd97b6bdba5d708bc4357208
SHA1

cd2eb1a82b10a9ca9dc67981bc4476f99aa25d9b
SHA256

b8fd73dea91a099a893a08d727ca03ed28027bf10a1a2220eacb9cf8f78798d7
SHA512

5dd1138ef5c1e4ea4bb4fa71135a78289a80d14899fc7d78a21a6c11ec5b0221f0ca14f320e617090e8f9ac6dc34ec9259aea24d51a2fb8a30e3eb378caac909
SSDEEP

6144:Ym7gwPLSTkiYELAOavtyxfskZBg2z+2hYSYyHo6tSKn9Q3:YagoJiYtd0xfskZe7z2rZi

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2024	2224	WerFault.exe	10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2024	2224	46b241cefd97b6bdba5d708bc4357208.exe	28
PID 2224 wrote to memory of 2024	2224	46b241cefd97b6bdba5d708bc4357208.exe	28
PID 2224 wrote to memory of 2024	2224	46b241cefd97b6bdba5d708bc4357208.exe	28
PID 2224 wrote to memory of 2024	2224	46b241cefd97b6bdba5d708bc4357208.exe	28

C:\Users\Admin\AppData\Local\Temp\46b241cefd97b6bdba5d708bc4357208.exe
"C:\Users\Admin\AppData\Local\Temp\46b241cefd97b6bdba5d708bc4357208.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 88
  2⤵
  - Program crash
  PID:2024

memory/2224-0-0x0000000000400000-0x00000000004CC200-memory.dmp

Filesize
816KB

Download