54ac7f296f39482bd55049dfe1c07f417c4f55325c24f92098645506f4a419a3

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 04:03

Target

47f9e8780dd1e8f715c274e6036038d0.exe
Size

119KB
MD5

47f9e8780dd1e8f715c274e6036038d0
SHA1

e22490ef951b9e06ddb6e8c76e8d1017e2fa1409
SHA256

54ac7f296f39482bd55049dfe1c07f417c4f55325c24f92098645506f4a419a3
SHA512

be35c89c446730eb1ec1a247c623b83a5ee6c9006144b2bca2fc2f81574939920d59588e35c9bf795074203b7699fb9359164f8e6077e99fc220090e9e6257b5
SSDEEP

3072:pWxVI+om2+SWCRtk8yrqSabs+r5P8Oqc23EQYdExJU0ZgE:MQPz0q5b/r50OqlLYEJ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3020	2996	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 3020	2996	47f9e8780dd1e8f715c274e6036038d0.exe	28
PID 2996 wrote to memory of 3020	2996	47f9e8780dd1e8f715c274e6036038d0.exe	28
PID 2996 wrote to memory of 3020	2996	47f9e8780dd1e8f715c274e6036038d0.exe	28
PID 2996 wrote to memory of 3020	2996	47f9e8780dd1e8f715c274e6036038d0.exe	28

C:\Users\Admin\AppData\Local\Temp\47f9e8780dd1e8f715c274e6036038d0.exe
"C:\Users\Admin\AppData\Local\Temp\47f9e8780dd1e8f715c274e6036038d0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 136
  2⤵
  - Program crash
  PID:3020

memory/2996-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2996-3-0x0000000000220000-0x0000000000240000-memory.dmp

Filesize
128KB

Download
memory/2996-2-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2996-1-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2996-4-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download