679a4974ab63899ed62e52788c391369675a904adc969c93d4ec274dada141d2

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 01:57

Target

59fa728668cadc67f6c031e08cf7d203.exe
Size

193KB
MD5

59fa728668cadc67f6c031e08cf7d203
SHA1

6fe6f0f77504d02560e2ce3cea79e01dc8dc1c8e
SHA256

679a4974ab63899ed62e52788c391369675a904adc969c93d4ec274dada141d2
SHA512

9e273dc3707de2a13e58d78bb6f5694493886f88ffc1a5893fd7290be509be56439cd8d31c247d7bf72ad9a2f650af4dca84d5eaf175687572b347a3e967318b
SSDEEP

3072:pR2xn3k0CdM1vabyzJYWqSSpbaxhptgiHaKruj3A3dS5DFZSHZFD:pR2J0LS6VTI/fjaHQ31V

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2296	59fa728668cadc67f6c031e08cf7d203mgr.exe

Loads dropped DLL 9 IoCs

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2484	112	WerFault.exe	20
2104	2296	WerFault.exe	28

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 2296	112	59fa728668cadc67f6c031e08cf7d203.exe	28
PID 112 wrote to memory of 2296	112	59fa728668cadc67f6c031e08cf7d203.exe	28
PID 112 wrote to memory of 2296	112	59fa728668cadc67f6c031e08cf7d203.exe	28
PID 112 wrote to memory of 2296	112	59fa728668cadc67f6c031e08cf7d203.exe	28
PID 112 wrote to memory of 2484	112	59fa728668cadc67f6c031e08cf7d203.exe	29
PID 112 wrote to memory of 2484	112	59fa728668cadc67f6c031e08cf7d203.exe	29
PID 112 wrote to memory of 2484	112	59fa728668cadc67f6c031e08cf7d203.exe	29
PID 112 wrote to memory of 2484	112	59fa728668cadc67f6c031e08cf7d203.exe	29
PID 2296 wrote to memory of 2104	2296	59fa728668cadc67f6c031e08cf7d203mgr.exe	30
PID 2296 wrote to memory of 2104	2296	59fa728668cadc67f6c031e08cf7d203mgr.exe	30
PID 2296 wrote to memory of 2104	2296	59fa728668cadc67f6c031e08cf7d203mgr.exe	30
PID 2296 wrote to memory of 2104	2296	59fa728668cadc67f6c031e08cf7d203mgr.exe	30

C:\Users\Admin\AppData\Local\Temp\59fa728668cadc67f6c031e08cf7d203.exe
"C:\Users\Admin\AppData\Local\Temp\59fa728668cadc67f6c031e08cf7d203.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:112
- C:\Users\Admin\AppData\Local\Temp\59fa728668cadc67f6c031e08cf7d203mgr.exe
  C:\Users\Admin\AppData\Local\Temp\59fa728668cadc67f6c031e08cf7d203mgr.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2296
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 156
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2104
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 152
  2⤵
  - Program crash
  PID:2484

C:\Users\Admin\AppData\Local\Temp\59fa728668cadc67f6c031e08cf7d203mgr.exe

Filesize
95KB

MD5
f8a6e7529ad1b00a18c6ca2702521471

SHA1
2cadb00ca99be622623dc78095f594bedfec7534

SHA256
ce8e07cec9c3857f48e20916c65413335ab480b0c3d70345e98147b2ff7b8de6

SHA512
e1c3f164aa58360e4b664341ddea907fe990fa93de6f1e98b4fe87bf713e62b50191d738afc5591ead628f6f58dead74d78d26267ac03079f96bcb85b93ce2f7

Download Submit
memory/112-0-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/112-6-0x0000000000150000-0x0000000000188000-memory.dmp

Filesize
224KB

Download
memory/112-18-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/112-19-0x0000000000150000-0x0000000000188000-memory.dmp

Filesize
224KB

Download
memory/112-20-0x0000000000150000-0x0000000000188000-memory.dmp

Filesize
224KB

Download
memory/2296-10-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download