e58d50abb3c718b8c74b2f845a0face5a7efa830c321dcb7f6933d77bba29146

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 12:40

Target

Solaris.exe
Size

11KB
MD5

cc22d55a559c2a6c1b5ae9196854f807
SHA1

d42cfb8f9a3fecfa4068c7728ee5d88b212ff152
SHA256

e58d50abb3c718b8c74b2f845a0face5a7efa830c321dcb7f6933d77bba29146
SHA512

a3b78a5ece9f74a18c3edf236ba7aa1fef17ea743eacea2211b4125f37435c667de48e175e389001bced71c562c3815348d9447421cf6b8748156cef9c8e868e
SSDEEP

192:528Jl0UT5X45wL0jGz0+8lQTaglJaumeVr1gDgIe5SPdF6e5z4dLkP:52A/lhz0+8Ma0zm59dV14dk

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2584	2860	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2584	2860	Solaris.exe	28
PID 2860 wrote to memory of 2584	2860	Solaris.exe	28
PID 2860 wrote to memory of 2584	2860	Solaris.exe	28
PID 2860 wrote to memory of 2584	2860	Solaris.exe	28

C:\Users\Admin\AppData\Local\Temp\Solaris.exe
"C:\Users\Admin\AppData\Local\Temp\Solaris.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 592
  2⤵
  - Program crash
  PID:2584

memory/2860-0-0x0000000001270000-0x000000000127A000-memory.dmp

Filesize
40KB

Download
memory/2860-1-0x0000000000330000-0x000000000034A000-memory.dmp

Filesize
104KB

Download
memory/2860-2-0x0000000074050000-0x000000007473E000-memory.dmp

Filesize
6.9MB

Download
memory/2860-3-0x0000000000360000-0x000000000036A000-memory.dmp

Filesize
40KB

Download
memory/2860-4-0x0000000004B40000-0x0000000004B80000-memory.dmp

Filesize
256KB

Download
memory/2860-5-0x0000000074050000-0x000000007473E000-memory.dmp

Filesize
6.9MB

Download