7e1c4da453115f753c7f0dbfa3f831d4426074e9e7dc1afa6ecbc2a2af2cd68c

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09-01-2024 00:41

Target

4ce2440ad8de7d0cc0a0a3e8747cc9a9.exe
Size

64KB
MD5

4ce2440ad8de7d0cc0a0a3e8747cc9a9
SHA1

1448fc6ff90944b20995b2575a2c76716249b6dc
SHA256

7e1c4da453115f753c7f0dbfa3f831d4426074e9e7dc1afa6ecbc2a2af2cd68c
SHA512

38459d3eeae5c2b0eb84216b60518e480eb902e80be8f366ad8b2166a06f0ec89c5c7d89a557e5e2ea3b71ded1b6f3e6c1273aa992d56b6b34993813d836f72f
SSDEEP

768:03Jpfx+Ml5qQ2SYQNqS8atBuvniQP7av8BYBLCg5t77xGHAryObwrp68kXXaWNY1:05sQQaqS9tQX+WsGHGyA0pnk6WVD0EB8

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2684	2408	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2408	4ce2440ad8de7d0cc0a0a3e8747cc9a9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2684	2408	4ce2440ad8de7d0cc0a0a3e8747cc9a9.exe	28
PID 2408 wrote to memory of 2684	2408	4ce2440ad8de7d0cc0a0a3e8747cc9a9.exe	28
PID 2408 wrote to memory of 2684	2408	4ce2440ad8de7d0cc0a0a3e8747cc9a9.exe	28
PID 2408 wrote to memory of 2684	2408	4ce2440ad8de7d0cc0a0a3e8747cc9a9.exe	28

C:\Users\Admin\AppData\Local\Temp\4ce2440ad8de7d0cc0a0a3e8747cc9a9.exe
"C:\Users\Admin\AppData\Local\Temp\4ce2440ad8de7d0cc0a0a3e8747cc9a9.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 92
  2⤵
  - Program crash
  PID:2684