a052661dc4a1e4a93f349ec8cad5aa3392fd0182ba6a8e51754d0ed0d2cd54f5

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 16:16

Target

VirusShare_92241c00e7ce39b8d9ce7d63dad992a5.exe
Size

216KB
MD5

92241c00e7ce39b8d9ce7d63dad992a5
SHA1

6d64823bb266985b6a2a9e125d6a57ea9b2248d2
SHA256

a052661dc4a1e4a93f349ec8cad5aa3392fd0182ba6a8e51754d0ed0d2cd54f5
SHA512

9166f967958c66ab76fc84b1bc7b13c1e892e2c61b5f50d37ff8d5e06f15f5970edac3c1f594c44748dad8845d1dec6a2b6c74bace2bf7e5f2b0dccc7fe861ed
SSDEEP

6144:/qn/CIKcHaAyeeg7Y8MyfYEIlorqucaXBBiaCst7v1es2:C/CQHJY2wE8orqucaNpt7NeX

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2308	1656	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 2308	1656	VirusShare_92241c00e7ce39b8d9ce7d63dad992a5.exe	28
PID 1656 wrote to memory of 2308	1656	VirusShare_92241c00e7ce39b8d9ce7d63dad992a5.exe	28
PID 1656 wrote to memory of 2308	1656	VirusShare_92241c00e7ce39b8d9ce7d63dad992a5.exe	28
PID 1656 wrote to memory of 2308	1656	VirusShare_92241c00e7ce39b8d9ce7d63dad992a5.exe	28

C:\Users\Admin\AppData\Local\Temp\VirusShare_92241c00e7ce39b8d9ce7d63dad992a5.exe
"C:\Users\Admin\AppData\Local\Temp\VirusShare_92241c00e7ce39b8d9ce7d63dad992a5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 92
  2⤵
  - Program crash
  PID:2308