5a00296f9e402fab21d86f5a5f6833ada6b44793e0757600f7d1472fc2cc1217

Analysis

max time kernel
141s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 10:29

Target

50508f1a3f1c38badd7fec14072ca09f.exe
Size

250KB
MD5

50508f1a3f1c38badd7fec14072ca09f
SHA1

75a87e2b5b16cc958927fc8ae5c2e12a742998e5
SHA256

5a00296f9e402fab21d86f5a5f6833ada6b44793e0757600f7d1472fc2cc1217
SHA512

c22c25f3530b38de381899505193bcdb53335ae52c0a8cdd83455ac2a192a4a3e31ff8e89fdf7799aeac4b264d1aa5d212ae3f78ee4f1de072c98f6a008cc241
SSDEEP

6144:vxa5iQdtitzhUeW4W+M5ZLbhNObCRTA7m5VtUWpWN07Y:Y5iQ4zHdkLbUATPVtUkWN08

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	\??\c:\windows\SysWOW64\Sys.exe	50508f1a3f1c38badd7fec14072ca09f.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2828	2656	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2828	2656	50508f1a3f1c38badd7fec14072ca09f.exe	28
PID 2656 wrote to memory of 2828	2656	50508f1a3f1c38badd7fec14072ca09f.exe	28
PID 2656 wrote to memory of 2828	2656	50508f1a3f1c38badd7fec14072ca09f.exe	28
PID 2656 wrote to memory of 2828	2656	50508f1a3f1c38badd7fec14072ca09f.exe	28

C:\Users\Admin\AppData\Local\Temp\50508f1a3f1c38badd7fec14072ca09f.exe
"C:\Users\Admin\AppData\Local\Temp\50508f1a3f1c38badd7fec14072ca09f.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 804
  2⤵
  - Program crash
  PID:2828

memory/2656-0-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2656-1-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/2656-3-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download