d50e24bc02682aba754606875910aaf841f8f52781301777f7f9949a1df0950e

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 10:25

Target

5afe92eae9fb9d4a2dded5156ec55a73.exe
Size

122KB
MD5

5afe92eae9fb9d4a2dded5156ec55a73
SHA1

9224436f8c3a5be13a8bbe5ed5201585c20a32b4
SHA256

d50e24bc02682aba754606875910aaf841f8f52781301777f7f9949a1df0950e
SHA512

b5760b0e395eaf0783b391da5b6f17407df79ca373a78f940e643ea85ff8b04de751b1bf56719b2f6bbe88e06da7c7d9443992720cf6e3fdb4d788a3ec87de69
SSDEEP

1536:NcAFr5sQEsFQ4zj5XmkQa64ZPV/Oyvy3AIXq7xXJWQ8U9lJDA8pKBk9WZpVTXS0H:aAFZdJo9Eq3juJxD9M8pWXJUk

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
952	1736	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 952	1736	5afe92eae9fb9d4a2dded5156ec55a73.exe	14
PID 1736 wrote to memory of 952	1736	5afe92eae9fb9d4a2dded5156ec55a73.exe	14
PID 1736 wrote to memory of 952	1736	5afe92eae9fb9d4a2dded5156ec55a73.exe	14
PID 1736 wrote to memory of 952	1736	5afe92eae9fb9d4a2dded5156ec55a73.exe	14

C:\Users\Admin\AppData\Local\Temp\5afe92eae9fb9d4a2dded5156ec55a73.exe
"C:\Users\Admin\AppData\Local\Temp\5afe92eae9fb9d4a2dded5156ec55a73.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 36
  2⤵
  - Program crash
  PID:952