9b47c2413ad4325e56f941e8f226e2c7cd26a330dae96f61cef7688e20d95353

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 23:57

Target

4ccb6bcc93e756228473dff6e399f984.exe
Size

29KB
MD5

4ccb6bcc93e756228473dff6e399f984
SHA1

bf01545e9a6783db276175621f851b49df365e8f
SHA256

9b47c2413ad4325e56f941e8f226e2c7cd26a330dae96f61cef7688e20d95353
SHA512

d10618824a8177486bc478bbe9b74a7fd92e8e1602d0fbcb6d3f6b5cf401cd2f8f10993a31faef44137cd2355ed2c4bb75ca4bc9ed82e28819ecf2f223b61892
SSDEEP

384:TGsaVaNK73DVyIP+VPXDmj1/G662MtoOJ+BPJwKW:TGscsKDDVyImVPiBNbMGEGzW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
1184	936	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 936 wrote to memory of 1184	936	4ccb6bcc93e756228473dff6e399f984.exe	14
PID 936 wrote to memory of 1184	936	4ccb6bcc93e756228473dff6e399f984.exe	14
PID 936 wrote to memory of 1184	936	4ccb6bcc93e756228473dff6e399f984.exe	14
PID 936 wrote to memory of 1184	936	4ccb6bcc93e756228473dff6e399f984.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 92
1⤵
- Program crash
PID:1184

C:\Users\Admin\AppData\Local\Temp\4ccb6bcc93e756228473dff6e399f984.exe
"C:\Users\Admin\AppData\Local\Temp\4ccb6bcc93e756228473dff6e399f984.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:936