54bb7e2c13cfd527d540d473cd49210ede59601b09dd9ac15086718bc05f6bbd

Analysis

max time kernel
140s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-02-2024 18:37

Target

9c5c4b4c00d9dfa545311df1fcb0cf11.exe
Size

187KB
MD5

9c5c4b4c00d9dfa545311df1fcb0cf11
SHA1

e7133b889e0f05214f16f44b22e38797713ccf87
SHA256

54bb7e2c13cfd527d540d473cd49210ede59601b09dd9ac15086718bc05f6bbd
SHA512

4f701f262dc9931fdc759b93d23c45a42c9cc3add5b57addb72b264b2193516c1061f8e65aefa390da0b3d22b9ce8cc65c25cffa046f0b935931c6e05f986791
SSDEEP

3072:jIUbnpAOgwQDZHYWO9fPZ8ClEb9Bn6WORRGhFsfDQxQEPygzvP0fDi2u0Qe2n4Wf:BnpAOgw8HYWO95vlEbLmREFsfKygzvPz

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2496	2040	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2496	2040	9c5c4b4c00d9dfa545311df1fcb0cf11.exe	28
PID 2040 wrote to memory of 2496	2040	9c5c4b4c00d9dfa545311df1fcb0cf11.exe	28
PID 2040 wrote to memory of 2496	2040	9c5c4b4c00d9dfa545311df1fcb0cf11.exe	28
PID 2040 wrote to memory of 2496	2040	9c5c4b4c00d9dfa545311df1fcb0cf11.exe	28

C:\Users\Admin\AppData\Local\Temp\9c5c4b4c00d9dfa545311df1fcb0cf11.exe
"C:\Users\Admin\AppData\Local\Temp\9c5c4b4c00d9dfa545311df1fcb0cf11.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 92
  2⤵
  - Program crash
  PID:2496

memory/2040-0-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download