4cf296290ffd46aed32b549a3890362fb08c9a15d7005aa3742f8f4759041f1d

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 05:19

Target

989377b72396dd5d52d21883b93bfe3d.exe
Size

86KB
MD5

989377b72396dd5d52d21883b93bfe3d
SHA1

ad9ebfea1c3076c4bd29c76bbee1d0e8683aa5cb
SHA256

4cf296290ffd46aed32b549a3890362fb08c9a15d7005aa3742f8f4759041f1d
SHA512

de4bf66c4cf8a38c40f37496a547d028ec494f73bdc9f460224704eac61dd1c6681209b7ed993135078d02de8032befe21eb4a66985bd14aa0f0cf8bf54a0f9e
SSDEEP

1536:CF3tl4Wsef192KtR+CUSXjJUFI8w/h2xd7bKqSG1Jflck2IVnsproiFy4zb04:CF3f4W2QtUSXjR92xd7vSG1JdcBKGoSh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1880	2232	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 1880	2232	989377b72396dd5d52d21883b93bfe3d.exe	28
PID 2232 wrote to memory of 1880	2232	989377b72396dd5d52d21883b93bfe3d.exe	28
PID 2232 wrote to memory of 1880	2232	989377b72396dd5d52d21883b93bfe3d.exe	28
PID 2232 wrote to memory of 1880	2232	989377b72396dd5d52d21883b93bfe3d.exe	28

C:\Users\Admin\AppData\Local\Temp\989377b72396dd5d52d21883b93bfe3d.exe
"C:\Users\Admin\AppData\Local\Temp\989377b72396dd5d52d21883b93bfe3d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 36
  2⤵
  - Program crash
  PID:1880

memory/2232-0-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download