ab6b33b91e030a5cf9b2955ac57e7fe95cc5c89cbff9d5d7dbda17f274ca8c4f

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 15:38

Target

a4272d7cbebebc535a1f80bdbd06b409.exe
Size

77KB
MD5

a4272d7cbebebc535a1f80bdbd06b409
SHA1

834f205ede6b1f6e44720988f7677c20be867f70
SHA256

ab6b33b91e030a5cf9b2955ac57e7fe95cc5c89cbff9d5d7dbda17f274ca8c4f
SHA512

8240ea2c9c140111a42d3c1cd539603ac2faaac33a8bb063b08e5bddb3511cc08126e57cc14dbeae0cc0d6683238e61b711c643d8f45a819848ca545e830c8f4
SSDEEP

1536:p9LYlIDQ+RP2heLeq5YbjTZ45LZWhcQU0kPTs20mRuYW7Z3:pB2IDQGe25kTG5EhcQU0kPTluYWN

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1032	1420	WerFault.exe	6

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 1032	1420	a4272d7cbebebc535a1f80bdbd06b409.exe	28
PID 1420 wrote to memory of 1032	1420	a4272d7cbebebc535a1f80bdbd06b409.exe	28
PID 1420 wrote to memory of 1032	1420	a4272d7cbebebc535a1f80bdbd06b409.exe	28
PID 1420 wrote to memory of 1032	1420	a4272d7cbebebc535a1f80bdbd06b409.exe	28

C:\Users\Admin\AppData\Local\Temp\a4272d7cbebebc535a1f80bdbd06b409.exe
"C:\Users\Admin\AppData\Local\Temp\a4272d7cbebebc535a1f80bdbd06b409.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 116
  2⤵
  - Program crash
  PID:1032

memory/1420-2-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1420-1-0x00000000001B0000-0x00000000001E0000-memory.dmp

Filesize
192KB

Download
memory/1420-0-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1420-3-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download