e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
15-02-2024 19:27

Target

9e609932c59d043565c5d3e5260f571b.exe
Size

2.2MB
MD5

9e609932c59d043565c5d3e5260f571b
SHA1

eaa2e1e2cb6c7b6ec405ffdf204999853ebbd54a
SHA256

e1a7ddbf735d5c1cb9097d7614840c00e5c4d5107fa687c0ab2a2ec8948ef84e
SHA512

34bd135dedd0c55d4fe337966dca8f6b02bda33f7aa67faf2bfd8685ffbb59be946524bfe62ae86fee4d2bbcb771844d29301294719ab3c24071c650dd001e66
SSDEEP

24576:dm8bqgR8VT8P5ZmUbFJnDoaY3azzKSP/OFvIxJH92ZK86EqDh8YCJjiraf4oAV/S:H73h3P/4K81TjasiXCUVnjU1H

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1700	1212	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 1700	1212	9e609932c59d043565c5d3e5260f571b.exe	28
PID 1212 wrote to memory of 1700	1212	9e609932c59d043565c5d3e5260f571b.exe	28
PID 1212 wrote to memory of 1700	1212	9e609932c59d043565c5d3e5260f571b.exe	28
PID 1212 wrote to memory of 1700	1212	9e609932c59d043565c5d3e5260f571b.exe	28

C:\Users\Admin\AppData\Local\Temp\9e609932c59d043565c5d3e5260f571b.exe
"C:\Users\Admin\AppData\Local\Temp\9e609932c59d043565c5d3e5260f571b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 36
  2⤵
  - Program crash
  PID:1700