516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b

Resubmissions

27-01-2024 19:37

27-01-2024 19:36

01-05-2021 01:07

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 19:37

Target

516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe
Size

56KB
MD5

84c1567969b86089cc33dccf41562bcd
SHA1

53f2133cb25186e9fa6d4ea3b0e41eee5aba5ef2
SHA256

516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b
SHA512

72a411cacd503b6fadb15dc90f1f9beb79ff79c620df76da381e5c780c53e11258aae72db2848c241ec55af403d67d62340e429e86c23bbf8a71287738de7eaa
SSDEEP

768:AiN4q1eksgR4SiI+rxQ3rjFrXRRWxXyw/Afy81XweyetnR9Wsf5AyT9G3kZ:r4HHerjZX7pLken5nWXWi

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2884 3056 WerFault.exe 516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe

pid	pid_target	process	target process
2884	3056	WerFault.exe	516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe

Modifies data under HKEY_USERS 1 IoCs

Processes:

516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Control Panel\International	516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe

description	pid	process	target process
PID 2112 wrote to memory of 3056	2112	516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe	516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe
PID 2112 wrote to memory of 3056	2112	516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe	516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe
PID 2112 wrote to memory of 3056	2112	516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe	516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe
PID 2112 wrote to memory of 3056	2112	516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe	516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe
PID 2112 wrote to memory of 3056	2112	516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe	516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe

C:\Users\Admin\AppData\Local\Temp\516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe
"C:\Users\Admin\AppData\Local\Temp\516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe"
1⤵
PID:860

C:\Users\Admin\AppData\Local\Temp\516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe
"C:\Users\Admin\AppData\Local\Temp\516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Users\Admin\AppData\Local\Temp\516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe
  "C:\Users\Admin\AppData\Local\Temp\516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe"
  2⤵
  - Modifies data under HKEY_USERS
  PID:3056
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 444
    3⤵
    - Program crash
    PID:2884