93ac837505fd777727ef767e650773af151b4d173d129754b6b2afecfcef80b1

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 21:50

Target

8d6f04739c5410934e08bfeabea2c5e9.exe
Size

78KB
MD5

8d6f04739c5410934e08bfeabea2c5e9
SHA1

f85c4e014553efdf859345da0233de0dbb78b9a8
SHA256

93ac837505fd777727ef767e650773af151b4d173d129754b6b2afecfcef80b1
SHA512

07eb200cd87f301476d6d9e01ffd21f4a3c193f82dd831e1648b85f65eb51430d127dad68d1fba7c1ff0917c67188b88148a8354eb1d4dff7a16a64b69546568
SSDEEP

1536:WLqeUeBqAAcorGmCVwvBnOWtZZRsZ8JBmD25eUUE4x/or621Q:LeDqE0pN2Z8JPtkAr6wQ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2312	1724	WerFault.exe	1

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2312	1724	8d6f04739c5410934e08bfeabea2c5e9.exe	28
PID 1724 wrote to memory of 2312	1724	8d6f04739c5410934e08bfeabea2c5e9.exe	28
PID 1724 wrote to memory of 2312	1724	8d6f04739c5410934e08bfeabea2c5e9.exe	28
PID 1724 wrote to memory of 2312	1724	8d6f04739c5410934e08bfeabea2c5e9.exe	28
PID 1724 wrote to memory of 2312	1724	8d6f04739c5410934e08bfeabea2c5e9.exe	28
PID 1724 wrote to memory of 2312	1724	8d6f04739c5410934e08bfeabea2c5e9.exe	28
PID 1724 wrote to memory of 2312	1724	8d6f04739c5410934e08bfeabea2c5e9.exe	28

C:\Users\Admin\AppData\Local\Temp\8d6f04739c5410934e08bfeabea2c5e9.exe
"C:\Users\Admin\AppData\Local\Temp\8d6f04739c5410934e08bfeabea2c5e9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 252
  2⤵
  - Program crash
  PID:2312

memory/1724-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1724-1-0x0000000000020000-0x0000000000036000-memory.dmp

Filesize
88KB

Download
memory/1724-2-0x0000000000020000-0x0000000000036000-memory.dmp

Filesize
88KB

Download