bf77eb61ecaaa209ce6096fcad163f66ee9b23e2dda1da4b681a5f510973fe50

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 17:16

Target

4994a1adb46dacd397a6e88291eddcd5.exe
Size

18KB
MD5

4994a1adb46dacd397a6e88291eddcd5
SHA1

33c9913c43f7c823e6c4ea773cebdf339fef32a0
SHA256

bf77eb61ecaaa209ce6096fcad163f66ee9b23e2dda1da4b681a5f510973fe50
SHA512

67d8621ba240f16eccf8086e890a6360eb4c0188332a5078a836024ea11303b1cfaf4b49c3df88a79e975252a4a540330934afdc35803da71b293bbd818d59eb
SSDEEP

384:gIlc+R17YJPivb7lIvdZ2oaoP6GUnpcD0jjj9CUbUe1ZRikH:gIlrRzNIFZ25oPunpcD0hCW1ZRiw

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2888	928	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 2888	928	4994a1adb46dacd397a6e88291eddcd5.exe	28
PID 928 wrote to memory of 2888	928	4994a1adb46dacd397a6e88291eddcd5.exe	28
PID 928 wrote to memory of 2888	928	4994a1adb46dacd397a6e88291eddcd5.exe	28
PID 928 wrote to memory of 2888	928	4994a1adb46dacd397a6e88291eddcd5.exe	28

C:\Users\Admin\AppData\Local\Temp\4994a1adb46dacd397a6e88291eddcd5.exe
"C:\Users\Admin\AppData\Local\Temp\4994a1adb46dacd397a6e88291eddcd5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:928
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 88
  2⤵
  - Program crash
  PID:2888

memory/928-0-0x0000000000400000-0x000000000040A200-memory.dmp

Filesize
40KB

Download
memory/928-1-0x0000000000400000-0x000000000040A200-memory.dmp

Filesize
40KB

Download