37094757f1fd789719462114c2880344c555e7e432626e0a4aceab4bc2225d92

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:07

Target

74eee7d93dff2a85ab5dfea5ea2c55e3.exe
Size

47KB
MD5

74eee7d93dff2a85ab5dfea5ea2c55e3
SHA1

5fd2e75df24a729e4e4fe88c7d58ea845e04a630
SHA256

37094757f1fd789719462114c2880344c555e7e432626e0a4aceab4bc2225d92
SHA512

5e945a33b8e5cb80db72c6747346609d12482c1b3bb499d553d89e201e452a46e330434cc0db4a0aa71b18be3efc7cb9274ad50aff4a68840d0c4b249c17830c
SSDEEP

768:s40TqJOddXy+D2IwxkANpq7l2Oq5BX0roTWJCM30z5uBNaycMKXvhkxX:hFiJbD2IwxHPDnkCdzaN3KAX

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1944 2964 WerFault.exe 74eee7d93dff2a85ab5dfea5ea2c55e3.exe

pid	pid_target	process	target process
1944	2964	WerFault.exe	74eee7d93dff2a85ab5dfea5ea2c55e3.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

74eee7d93dff2a85ab5dfea5ea2c55e3.exe

description	pid	process	target process
PID 2964 wrote to memory of 1944	2964	74eee7d93dff2a85ab5dfea5ea2c55e3.exe	WerFault.exe
PID 2964 wrote to memory of 1944	2964	74eee7d93dff2a85ab5dfea5ea2c55e3.exe	WerFault.exe
PID 2964 wrote to memory of 1944	2964	74eee7d93dff2a85ab5dfea5ea2c55e3.exe	WerFault.exe
PID 2964 wrote to memory of 1944	2964	74eee7d93dff2a85ab5dfea5ea2c55e3.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\74eee7d93dff2a85ab5dfea5ea2c55e3.exe
"C:\Users\Admin\AppData\Local\Temp\74eee7d93dff2a85ab5dfea5ea2c55e3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 148
2⤵
- Program crash
PID:1944

memory/2964-0-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2964-1-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download