d3d72fe9caf153881c30e78e5373d6544431f3c292700d3cd047cdbf2467675e

Analysis

max time kernel
168s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 13:39

Target

8f49da04859558447d5479d3204dbbd8.exe
Size

216KB
MD5

8f49da04859558447d5479d3204dbbd8
SHA1

c1805e8984692be2e1a05ef04b2cc7e2f27ea4d1
SHA256

d3d72fe9caf153881c30e78e5373d6544431f3c292700d3cd047cdbf2467675e
SHA512

a930483f1707fd406d3c3e189d1d6ddf37f4d865fa4b32e873c91f94d3654a86dc019e43ff4c7b6ee27cf69446d380f9c992162235a92fe3b7bc51a8fc7ce99f
SSDEEP

3072:rcV7Z0KUjiKdIa0rRzBuMewLSPlNKwGNmJ30/wlj1o2Y:rgZTUjiS4BurxPlNKwGNmJ30ol

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\spool\PRTPROCS\x64\259BD66.tmp	8f49da04859558447d5479d3204dbbd8.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2776	2668	WerFault.exe	24

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2776	2668	8f49da04859558447d5479d3204dbbd8.exe	27
PID 2668 wrote to memory of 2776	2668	8f49da04859558447d5479d3204dbbd8.exe	27
PID 2668 wrote to memory of 2776	2668	8f49da04859558447d5479d3204dbbd8.exe	27
PID 2668 wrote to memory of 2776	2668	8f49da04859558447d5479d3204dbbd8.exe	27

C:\Users\Admin\AppData\Local\Temp\8f49da04859558447d5479d3204dbbd8.exe
"C:\Users\Admin\AppData\Local\Temp\8f49da04859558447d5479d3204dbbd8.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 228
  2⤵
  - Program crash
  PID:2776

memory/2668-0-0x00000000003C0000-0x00000000003DC000-memory.dmp

Filesize
112KB

Download
memory/2668-1-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/2668-2-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2668-8-0x00000000003C0000-0x00000000003DC000-memory.dmp

Filesize
112KB

Download
memory/2668-10-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download