bdc8ab3532c34a49d44c54fda3c4bd69eda762f5095a7da7f0cfe3f1d2c22214

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:27

Target

74f79c0739738fd6ab5fdadf338e9c05.exe
Size

342KB
MD5

74f79c0739738fd6ab5fdadf338e9c05
SHA1

cb307be3214651b48af2996f4c7e92d2ad4b0ade
SHA256

bdc8ab3532c34a49d44c54fda3c4bd69eda762f5095a7da7f0cfe3f1d2c22214
SHA512

ac9c175015074d37458ddffda4322952325e8f4ea3a18650da5f2346fedb3a5443d85ccb6e210fe1601e3861f1fff97a929797ba83e6c384e972b1c375f14ac6
SSDEEP

6144:2Q2SIkatx3Nw6vn5DBvQdJnyvpzdQgTghL1cTlE3u9s8CsjJygwz:2QzmiC5dILyYgIclAu9s8Csjg

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2968 1896 WerFault.exe 74f79c0739738fd6ab5fdadf338e9c05.exe

pid	pid_target	process	target process
2968	1896	WerFault.exe	74f79c0739738fd6ab5fdadf338e9c05.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

74f79c0739738fd6ab5fdadf338e9c05.exe

description	pid	process	target process
PID 1896 wrote to memory of 2968	1896	74f79c0739738fd6ab5fdadf338e9c05.exe	WerFault.exe
PID 1896 wrote to memory of 2968	1896	74f79c0739738fd6ab5fdadf338e9c05.exe	WerFault.exe
PID 1896 wrote to memory of 2968	1896	74f79c0739738fd6ab5fdadf338e9c05.exe	WerFault.exe
PID 1896 wrote to memory of 2968	1896	74f79c0739738fd6ab5fdadf338e9c05.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\74f79c0739738fd6ab5fdadf338e9c05.exe
"C:\Users\Admin\AppData\Local\Temp\74f79c0739738fd6ab5fdadf338e9c05.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 64
2⤵
- Program crash
PID:2968

memory/1896-0-0x0000000000400000-0x0000000000428200-memory.dmp

Filesize
160KB

Download