bc9c34b7bfbaa4a3be78ad770a96dc46f842bccf18d66e9c8a7ae67cde57884a

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07-01-2024 12:58

Target

490bf4cf5e1694c35ecd742c05287613.exe
Size

107KB
MD5

490bf4cf5e1694c35ecd742c05287613
SHA1

2e73f6dd7ea6828b31a93fad91e58fac1062a26e
SHA256

bc9c34b7bfbaa4a3be78ad770a96dc46f842bccf18d66e9c8a7ae67cde57884a
SHA512

2c948a5b65f16a458387640e53bc9b58fced76d3f0313a1c06325cb9671eeaca2345dbebfe6e8adcd124b813a68bb251fcfbaf54d44bbd2ace551bc9f23936c8
SSDEEP

3072:wKAzESIDMgeEgo4dFwnvPKKfNjdy7pHxSjqT:vKIDMcghwnXhIjSjE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3028	880	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 3028	880	490bf4cf5e1694c35ecd742c05287613.exe	13
PID 880 wrote to memory of 3028	880	490bf4cf5e1694c35ecd742c05287613.exe	13
PID 880 wrote to memory of 3028	880	490bf4cf5e1694c35ecd742c05287613.exe	13
PID 880 wrote to memory of 3028	880	490bf4cf5e1694c35ecd742c05287613.exe	13

C:\Users\Admin\AppData\Local\Temp\490bf4cf5e1694c35ecd742c05287613.exe
"C:\Users\Admin\AppData\Local\Temp\490bf4cf5e1694c35ecd742c05287613.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:880
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 160
  2⤵
  - Program crash
  PID:3028

memory/880-1-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/880-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/880-2-0x0000000000220000-0x0000000000250000-memory.dmp

Filesize
192KB

Download
memory/880-3-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/880-4-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download