f9814a1dd923711bfdc5ea4d7c99c11c3c89dea675028eef3a280feadffccef3

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-02-2024 16:59

Target

9c3139c463703168e145e212bad01dbb.exe
Size

52KB
MD5

9c3139c463703168e145e212bad01dbb
SHA1

fafacdd01306829046dbc4760e211fc90ede2016
SHA256

f9814a1dd923711bfdc5ea4d7c99c11c3c89dea675028eef3a280feadffccef3
SHA512

7de2697433462ae19f1912947c81bb5dd9cd98fc0db9d86bce483548d50b4f8f7bca32fa898a0b94b05f5f0e381b53c16efcbf442dd3ee1fee61126fb32127c6
SSDEEP

768:9nRyjf6ZM6cV5UIH5moFfT8U47zbiEKvwromVLi3Savyj/EvcBuV4isW9GPC9kXN:tgekH5moFfTREKM/zLDSc2Qq9SAz6l

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2856	2736	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 2856	2736	9c3139c463703168e145e212bad01dbb.exe	27
PID 2736 wrote to memory of 2856	2736	9c3139c463703168e145e212bad01dbb.exe	27
PID 2736 wrote to memory of 2856	2736	9c3139c463703168e145e212bad01dbb.exe	27
PID 2736 wrote to memory of 2856	2736	9c3139c463703168e145e212bad01dbb.exe	27

C:\Users\Admin\AppData\Local\Temp\9c3139c463703168e145e212bad01dbb.exe
"C:\Users\Admin\AppData\Local\Temp\9c3139c463703168e145e212bad01dbb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 92
  2⤵
  - Program crash
  PID:2856