e549017c6709bdf7aa310018138df19089780abd404020b2950556bae5091317

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 14:13

Target

49310f4d5d2a073fb79376d1ea3effdc.exe
Size

235KB
MD5

49310f4d5d2a073fb79376d1ea3effdc
SHA1

69da757c0dc1810508225fdf88bdb68c58733c1c
SHA256

e549017c6709bdf7aa310018138df19089780abd404020b2950556bae5091317
SHA512

3521e4225c98139d72ef2e8cf3b84f7fe7f90ae35148728cf45a490c4ca75168dd9088aac2763c67c85c4a1a74405eaaca786e357d963d85d9abcc8852142484
SSDEEP

6144:Ik0yeDbA+U7ReAT0hxonJMabFR45PrvxIKpGPnbBa9:oDEjReAT0hxonJMaJ2vxInY9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2208	1340	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 2208	1340	49310f4d5d2a073fb79376d1ea3effdc.exe	28
PID 1340 wrote to memory of 2208	1340	49310f4d5d2a073fb79376d1ea3effdc.exe	28
PID 1340 wrote to memory of 2208	1340	49310f4d5d2a073fb79376d1ea3effdc.exe	28
PID 1340 wrote to memory of 2208	1340	49310f4d5d2a073fb79376d1ea3effdc.exe	28

C:\Users\Admin\AppData\Local\Temp\49310f4d5d2a073fb79376d1ea3effdc.exe
"C:\Users\Admin\AppData\Local\Temp\49310f4d5d2a073fb79376d1ea3effdc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 44
  2⤵
  - Program crash
  PID:2208