5ae4a8fa171ec1ad18ce7707b7cb5dc3cf5e7ab87742c31ea9515485f2c813d0

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:55

Target

7505b6c041e5710d1c39be2ef25dba3a.exe
Size

98KB
MD5

7505b6c041e5710d1c39be2ef25dba3a
SHA1

5537af95454be9cb14784f713004bdf8ba8e1d8e
SHA256

5ae4a8fa171ec1ad18ce7707b7cb5dc3cf5e7ab87742c31ea9515485f2c813d0
SHA512

d13468af1bb562a85fb1eafd61313ade85df7426e89c98dd6eb8b43a5067a52dca9f80cbdc26fda49880c10eaf9702a4c43f80fd621a3c9125a765006939b41d
SSDEEP

1536:3V8hZ/lGSA3AsWG6qcTTSBJ8Ud9+zQVrBrpBjNIXbl5eY8bno0QzfbLaV:F8he3gbTiJ8UGQVrBfNaeYECzjLaV

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2032 2960 WerFault.exe 7505b6c041e5710d1c39be2ef25dba3a.exe

pid	pid_target	process	target process
2032	2960	WerFault.exe	7505b6c041e5710d1c39be2ef25dba3a.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

7505b6c041e5710d1c39be2ef25dba3a.exe

description	pid	process	target process
PID 2960 wrote to memory of 2032	2960	7505b6c041e5710d1c39be2ef25dba3a.exe	WerFault.exe
PID 2960 wrote to memory of 2032	2960	7505b6c041e5710d1c39be2ef25dba3a.exe	WerFault.exe
PID 2960 wrote to memory of 2032	2960	7505b6c041e5710d1c39be2ef25dba3a.exe	WerFault.exe
PID 2960 wrote to memory of 2032	2960	7505b6c041e5710d1c39be2ef25dba3a.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\7505b6c041e5710d1c39be2ef25dba3a.exe
"C:\Users\Admin\AppData\Local\Temp\7505b6c041e5710d1c39be2ef25dba3a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 92
2⤵
- Program crash
PID:2032