a1e514874a578e2076da82569e7f9403aed5e785d77077c42ae17ba191d422f8

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:55

Target

7506471489bd04b3b3c34c1e57aeb245.exe
Size

92KB
MD5

7506471489bd04b3b3c34c1e57aeb245
SHA1

7903cb757236b006040a43bf41c6269bf056c886
SHA256

a1e514874a578e2076da82569e7f9403aed5e785d77077c42ae17ba191d422f8
SHA512

32971a4cdbc9c7c6d0d3cc2e5722b6621ecf2448b46f0e19d514cfbd727e3e64134450c57409660941a8c71a3869fd3be247bd079d0d7c0b3e3b43d4878212a9
SSDEEP

1536:Addr6vitpd0ouXECzfNVq8H/dFrVGohbNLdvONW4U+8m+6XRiAots4F+Ju50P:2dr6aXdIECbu8HF5Vth5vbf8RiRv+JpP

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2348 2332 WerFault.exe 7506471489bd04b3b3c34c1e57aeb245.exe

pid	pid_target	process	target process
2348	2332	WerFault.exe	7506471489bd04b3b3c34c1e57aeb245.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

7506471489bd04b3b3c34c1e57aeb245.exe

description	pid	process	target process
PID 2332 wrote to memory of 2348	2332	7506471489bd04b3b3c34c1e57aeb245.exe	WerFault.exe
PID 2332 wrote to memory of 2348	2332	7506471489bd04b3b3c34c1e57aeb245.exe	WerFault.exe
PID 2332 wrote to memory of 2348	2332	7506471489bd04b3b3c34c1e57aeb245.exe	WerFault.exe
PID 2332 wrote to memory of 2348	2332	7506471489bd04b3b3c34c1e57aeb245.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\7506471489bd04b3b3c34c1e57aeb245.exe
"C:\Users\Admin\AppData\Local\Temp\7506471489bd04b3b3c34c1e57aeb245.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 88
2⤵
- Program crash
PID:2348

memory/2332-0-0x0000000001BE0000-0x0000000001CB7000-memory.dmp

Filesize
860KB

Download