cd9a1931553d04a39b4d5625d7cd2199e7385ad899e9c6867784355e7a0b81db

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08-01-2024 23:05

Target

4cb11615ed057f83ad628d669db37179.exe
Size

290KB
MD5

4cb11615ed057f83ad628d669db37179
SHA1

14a3fe1e400008c1c5a6e305450057468e292785
SHA256

cd9a1931553d04a39b4d5625d7cd2199e7385ad899e9c6867784355e7a0b81db
SHA512

8e6b36d86049f6ecac74440330f1b202817331c0b7ef34f2866546bd8e9e9a7028b6fabe4c8c2bb70a191959f95b9cd83c467286de720ea7c94783fccb5bd5df
SSDEEP

6144:PnayUQcVyDqlv6I2JDT1yxmvOZnNyWWLvseKQKbfs4L+0r:vbUQS8A4F1yxNyW8UeKpgEtr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
848	2380	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 848	2380	4cb11615ed057f83ad628d669db37179.exe	16
PID 2380 wrote to memory of 848	2380	4cb11615ed057f83ad628d669db37179.exe	16
PID 2380 wrote to memory of 848	2380	4cb11615ed057f83ad628d669db37179.exe	16
PID 2380 wrote to memory of 848	2380	4cb11615ed057f83ad628d669db37179.exe	16

C:\Users\Admin\AppData\Local\Temp\4cb11615ed057f83ad628d669db37179.exe
"C:\Users\Admin\AppData\Local\Temp\4cb11615ed057f83ad628d669db37179.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 224
  2⤵
  - Program crash
  PID:848

memory/2380-3-0x0000000000400000-0x00000000004C6604-memory.dmp

Filesize
793KB

Download
memory/2380-4-0x0000000000400000-0x00000000004C6604-memory.dmp

Filesize
793KB

Download
memory/2380-2-0x0000000000400000-0x00000000004C6604-memory.dmp

Filesize
793KB

Download
memory/2380-1-0x0000000000400000-0x00000000004C6604-memory.dmp

Filesize
793KB

Download
memory/2380-0-0x0000000000400000-0x00000000004C6604-memory.dmp

Filesize
793KB

Download