cb92ce657c377678d6ca7abfd6178e96d44d9224e2fe154e0f28390f5878f6cd

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/02/2024, 21:12

Target

aa2b364f93fc029412c39f7154983e4d.exe
Size

422KB
MD5

aa2b364f93fc029412c39f7154983e4d
SHA1

c8f57c0c9529af2055dc68c1dc47ca55b2cdf4bf
SHA256

cb92ce657c377678d6ca7abfd6178e96d44d9224e2fe154e0f28390f5878f6cd
SHA512

59c6660023c4401c771458d7b2615401598e27147cea1b33042b47b1b38e5555488c03555eebad6fa3a8fc76dedd8f36cdc0710312ba6123951ad9836c4e3ad8
SSDEEP

6144:ykB1INZdWaFzaE7mDGg7Y4+MFyBPys80G5sEOi9Ri9na5UVx3:ykBgdW/E7mDGg8xMkBp80GiZa5UVh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2800	2324	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2800	2324	aa2b364f93fc029412c39f7154983e4d.exe	28
PID 2324 wrote to memory of 2800	2324	aa2b364f93fc029412c39f7154983e4d.exe	28
PID 2324 wrote to memory of 2800	2324	aa2b364f93fc029412c39f7154983e4d.exe	28
PID 2324 wrote to memory of 2800	2324	aa2b364f93fc029412c39f7154983e4d.exe	28

C:\Users\Admin\AppData\Local\Temp\aa2b364f93fc029412c39f7154983e4d.exe
"C:\Users\Admin\AppData\Local\Temp\aa2b364f93fc029412c39f7154983e4d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 116
  2⤵
  - Program crash
  PID:2800

memory/2324-0-0x0000000000FB0000-0x000000000101E000-memory.dmp

Filesize
440KB

Download