c9d5cdf0a969abd0e25b90418c4f1a8c6d430ac2089223ea29d8e22f5330d116

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07-01-2024 10:38

Target

48bfd92c5debf8f23f866103f81daffc.exe
Size

69KB
MD5

48bfd92c5debf8f23f866103f81daffc
SHA1

445ea7ff7cf4f87a9207f0b3a22301d9f4f3f543
SHA256

c9d5cdf0a969abd0e25b90418c4f1a8c6d430ac2089223ea29d8e22f5330d116
SHA512

4dfec1220af0d8efb3b724d4f745e531c3ddf460c7893dbd2c854b0606d84388b6c437a43aab8f5d831d51831baa9913fe5b9397a38ea64f1035e17f41162bd5
SSDEEP

1536:wbDshEjGVw5tbjV6w3vT2gDCpx7LJzBClNhkCqNjPTyIjC4LDs:gDsxwjjV/3r2OCb5IUjPTNjC4LDs

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2368	2372	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2368	2372	48bfd92c5debf8f23f866103f81daffc.exe	28
PID 2372 wrote to memory of 2368	2372	48bfd92c5debf8f23f866103f81daffc.exe	28
PID 2372 wrote to memory of 2368	2372	48bfd92c5debf8f23f866103f81daffc.exe	28
PID 2372 wrote to memory of 2368	2372	48bfd92c5debf8f23f866103f81daffc.exe	28

C:\Users\Admin\AppData\Local\Temp\48bfd92c5debf8f23f866103f81daffc.exe
"C:\Users\Admin\AppData\Local\Temp\48bfd92c5debf8f23f866103f81daffc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 44
  2⤵
  - Program crash
  PID:2368