e3a7d2fc7c50bc2185eef6b2b9fc59c606f5be7b185e5c443d1d6345b094c480

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:05

Target

74ee64209260dca2a5916aaf9c59aba6.exe
Size

32KB
MD5

74ee64209260dca2a5916aaf9c59aba6
SHA1

2faa0afe20803139f1b3fc5df406cfdcb1a9d805
SHA256

e3a7d2fc7c50bc2185eef6b2b9fc59c606f5be7b185e5c443d1d6345b094c480
SHA512

3286137911e47df266c9ebe0a5eaed1993a4114dc5c514e8883bae3f84377d2a7b60d1af9733ab32c7c4fbfdd4b497cbdbec99a381b8c2466f76e6bb3e2d4a40
SSDEEP

384:3dbzKqdmqn1cTG6n92xqU2kNZ8qJb579NOXIt9d59CTF5trKm:3tNd9aG6nEwJkUqJbV9Qe9d59M5tmm

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2220 2180 WerFault.exe 74ee64209260dca2a5916aaf9c59aba6.exe

pid	pid_target	process	target process
2220	2180	WerFault.exe	74ee64209260dca2a5916aaf9c59aba6.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

74ee64209260dca2a5916aaf9c59aba6.exe

description	pid	process	target process
PID 2180 wrote to memory of 2220	2180	74ee64209260dca2a5916aaf9c59aba6.exe	WerFault.exe
PID 2180 wrote to memory of 2220	2180	74ee64209260dca2a5916aaf9c59aba6.exe	WerFault.exe
PID 2180 wrote to memory of 2220	2180	74ee64209260dca2a5916aaf9c59aba6.exe	WerFault.exe
PID 2180 wrote to memory of 2220	2180	74ee64209260dca2a5916aaf9c59aba6.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\74ee64209260dca2a5916aaf9c59aba6.exe
"C:\Users\Admin\AppData\Local\Temp\74ee64209260dca2a5916aaf9c59aba6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 88
2⤵
- Program crash
PID:2220

memory/2180-0-0x0000000009100000-0x000000000910B000-memory.dmp

Filesize
44KB

Download
memory/2180-1-0x0000000076D40000-0x0000000076E50000-memory.dmp

Filesize
1.1MB

Download