b4c8f30e470aafa331fb3c6bb12cdc81724f8b5b7afd6e28132e762d8809c000

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 11:32

Target

b4c8f30e470aafa331fb3c6bb12cdc81724f8b5b7afd6e28132e762d8809c000.exe
Size

5KB
MD5

0664c396204288b328b9d5e0cd1d8489
SHA1

5ba274b0c4468606fc043614f16ac8f36f49da8d
SHA256

b4c8f30e470aafa331fb3c6bb12cdc81724f8b5b7afd6e28132e762d8809c000
SHA512

040532007915abda48036cd6c3e96859c84883681bb18b9610423979d538dbe3bf8935c71efe60337d7f25d8b22b5321a4855c2347bdb3677078fad22455e481
SSDEEP

48:SslXWFPpT+dXVfzZh4yMGcKzMEkTaak4PAZivO2pB42pBdvMZL2R7tsRuqSxp:5WLkFfNnOKYloIQ2pm2pbYSIxE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2136	3024	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2136	3024	b4c8f30e470aafa331fb3c6bb12cdc81724f8b5b7afd6e28132e762d8809c000.exe	28
PID 3024 wrote to memory of 2136	3024	b4c8f30e470aafa331fb3c6bb12cdc81724f8b5b7afd6e28132e762d8809c000.exe	28
PID 3024 wrote to memory of 2136	3024	b4c8f30e470aafa331fb3c6bb12cdc81724f8b5b7afd6e28132e762d8809c000.exe	28
PID 3024 wrote to memory of 2136	3024	b4c8f30e470aafa331fb3c6bb12cdc81724f8b5b7afd6e28132e762d8809c000.exe	28

C:\Users\Admin\AppData\Local\Temp\b4c8f30e470aafa331fb3c6bb12cdc81724f8b5b7afd6e28132e762d8809c000.exe
"C:\Users\Admin\AppData\Local\Temp\b4c8f30e470aafa331fb3c6bb12cdc81724f8b5b7afd6e28132e762d8809c000.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 48
  2⤵
  - Program crash
  PID:2136