9cd5b6677b671aa249138cbf310bc6f4708f1d41ce813e979a97454f997ff12f

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-02-2024 21:20

Target

a2c5daa265ae9cfbcf68a5a7843908f3.exe
Size

181KB
MD5

a2c5daa265ae9cfbcf68a5a7843908f3
SHA1

f4686ce15a1250e1426a010d0ddc81c8e329b74e
SHA256

9cd5b6677b671aa249138cbf310bc6f4708f1d41ce813e979a97454f997ff12f
SHA512

b7815daee49e57ebb8350a7d8ade4eea316eecdec3764fc3bb984cc925a038138b052be3101fa5d538f261b916e599b14b2001923701547e01c091fb3271d0ef
SSDEEP

3072:71DCyKcxKVHgHaA8+0ds3tLrBlmpNYqwiFFYLZgP10WGwTloIRHWL9YBPQKuFLMo:71Wynxq2l00ArYqJFFYEGslsL94EhM3s

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1768	2024	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1768	2024	a2c5daa265ae9cfbcf68a5a7843908f3.exe	28
PID 2024 wrote to memory of 1768	2024	a2c5daa265ae9cfbcf68a5a7843908f3.exe	28
PID 2024 wrote to memory of 1768	2024	a2c5daa265ae9cfbcf68a5a7843908f3.exe	28
PID 2024 wrote to memory of 1768	2024	a2c5daa265ae9cfbcf68a5a7843908f3.exe	28

C:\Users\Admin\AppData\Local\Temp\a2c5daa265ae9cfbcf68a5a7843908f3.exe
"C:\Users\Admin\AppData\Local\Temp\a2c5daa265ae9cfbcf68a5a7843908f3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 116
  2⤵
  - Program crash
  PID:1768

memory/2024-0-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2024-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2024-2-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2024-3-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download