1d5ac62a65aa0e2ec96fcb65e402e1d90ed9ded7b9b5161c3ef24d5b4ea9de53

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09-01-2024 10:15

Target

4e0a6907a85cbacdd0872a54e39b5241.exe
Size

293KB
MD5

4e0a6907a85cbacdd0872a54e39b5241
SHA1

59300c1a3dba40cdc8ddc577a58c4010f11262d0
SHA256

1d5ac62a65aa0e2ec96fcb65e402e1d90ed9ded7b9b5161c3ef24d5b4ea9de53
SHA512

dc8e5b87e87b3fdd790afe4205ec075bd466ad6a8eb3bade0ea410f6dcc0a126f339e9d338a0bb718f272e90e62bb08ea2dfd2e6a4d040cf020bacb5e239516e
SSDEEP

6144:vPdMhMANEVzGlcEDUl4qaRYVQZvJTGbusJRhgnGXcMD7Xm2BeddhMHyNgh:kNEh8cSLqdusisDhgnGHBBedDMSNA

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2336 2420 WerFault.exe 4e0a6907a85cbacdd0872a54e39b5241.exe

pid	pid_target	process	target process
2336	2420	WerFault.exe	4e0a6907a85cbacdd0872a54e39b5241.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

4e0a6907a85cbacdd0872a54e39b5241.exe

description	pid	process	target process
PID 2420 wrote to memory of 2336	2420	4e0a6907a85cbacdd0872a54e39b5241.exe	WerFault.exe
PID 2420 wrote to memory of 2336	2420	4e0a6907a85cbacdd0872a54e39b5241.exe	WerFault.exe
PID 2420 wrote to memory of 2336	2420	4e0a6907a85cbacdd0872a54e39b5241.exe	WerFault.exe
PID 2420 wrote to memory of 2336	2420	4e0a6907a85cbacdd0872a54e39b5241.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\4e0a6907a85cbacdd0872a54e39b5241.exe
"C:\Users\Admin\AppData\Local\Temp\4e0a6907a85cbacdd0872a54e39b5241.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 140
2⤵
- Program crash
PID:2336

memory/2420-0-0x00000000006B0000-0x00000000006F1000-memory.dmp

Filesize
260KB

Download
memory/2420-1-0x0000000000700000-0x000000000074B000-memory.dmp

Filesize
300KB

Download