029b1a6c48a2e286e3827a2807a028f3a2d625ee570551797f57ce758200b539

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 22:32

Target

029b1a6c48a2e286e3827a2807a028f3a2d625ee570551797f57ce758200b539.exe
Size

5KB
MD5

625ab2536b2c35541caba4fa15289f4b
SHA1

38f75df21d300f19aad983abf61ca038f24ff602
SHA256

029b1a6c48a2e286e3827a2807a028f3a2d625ee570551797f57ce758200b539
SHA512

a79d699fdc936dc93dec7f93bada3a8e2719768268c82367e23ffbd791bab97738181fdc608ecdcbf91841f9c84e028aa0d96980df66f05e8f6d0cb515ade8ed
SSDEEP

48:SIlXWFPpT+dXVfzZh4yMGcKzMEkTaak4PAZivO2pB42pBdvMZL2R7twRuqSxp:VWLkFfNnOKYloIQ2pm2pbYScxE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1180	2088	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 1180	2088	029b1a6c48a2e286e3827a2807a028f3a2d625ee570551797f57ce758200b539.exe	28
PID 2088 wrote to memory of 1180	2088	029b1a6c48a2e286e3827a2807a028f3a2d625ee570551797f57ce758200b539.exe	28
PID 2088 wrote to memory of 1180	2088	029b1a6c48a2e286e3827a2807a028f3a2d625ee570551797f57ce758200b539.exe	28
PID 2088 wrote to memory of 1180	2088	029b1a6c48a2e286e3827a2807a028f3a2d625ee570551797f57ce758200b539.exe	28

C:\Users\Admin\AppData\Local\Temp\029b1a6c48a2e286e3827a2807a028f3a2d625ee570551797f57ce758200b539.exe
"C:\Users\Admin\AppData\Local\Temp\029b1a6c48a2e286e3827a2807a028f3a2d625ee570551797f57ce758200b539.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 48
  2⤵
  - Program crash
  PID:1180