22950c3871f2741d11391c40aedd33c3c1d91f98b79fcb0643267d7b18bcc385

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 20:04

Target

Storm (16).exe
Size

579KB
MD5

6d95391b82df6a6ed6204ef675674f3b
SHA1

3ff215484231f6cd8e84557f7881bab3455ad80a
SHA256

22950c3871f2741d11391c40aedd33c3c1d91f98b79fcb0643267d7b18bcc385
SHA512

bbe745b2103892b97336c9082af7dbbc1646d8a740d8c93d4287e62e7a11fa1d1cc4d61f21783afdfc3647b9828490c5c0418e896022ca886d4abb1dfac0925b
SSDEEP

6144:qQH/HepXj2hOh3gP1wpXdKrrbFb+g7mENAhbOfT+UMgyUVoLWPNSK4c471ik/j4j:q8Ps60mP1wpgfB5b7NlUlcoikpbTs7

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2516 2512 WerFault.exe Storm (16).exe

pid	pid_target	process	target process
2516	2512	WerFault.exe	Storm (16).exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Storm (16).exe

description	pid	process	target process
PID 2512 wrote to memory of 2516	2512	Storm (16).exe	WerFault.exe
PID 2512 wrote to memory of 2516	2512	Storm (16).exe	WerFault.exe
PID 2512 wrote to memory of 2516	2512	Storm (16).exe	WerFault.exe
PID 2512 wrote to memory of 2516	2512	Storm (16).exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Storm (16).exe
"C:\Users\Admin\AppData\Local\Temp\Storm (16).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 612
2⤵
- Program crash
PID:2516

memory/2512-0-0x00000000012E0000-0x000000000137A000-memory.dmp

Filesize
616KB

Download
memory/2512-1-0x0000000074BF0000-0x00000000752DE000-memory.dmp

Filesize
6.9MB

Download
memory/2512-2-0x0000000001250000-0x0000000001290000-memory.dmp

Filesize
256KB

Download
memory/2512-3-0x0000000000390000-0x00000000003DC000-memory.dmp

Filesize
304KB

Download
memory/2512-4-0x0000000074BF0000-0x00000000752DE000-memory.dmp

Filesize
6.9MB

Download
memory/2512-5-0x0000000001250000-0x0000000001290000-memory.dmp

Filesize
256KB

Download