3fc169164e14573bb2335492b603edfb8be125a35c2388950fb9b40025aad452

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 13:39

Target

ac0380a4dc0dc0c823491e999eed307d.exe
Size

3.4MB
MD5

ac0380a4dc0dc0c823491e999eed307d
SHA1

87628c2c97dedbf9b4cafdba5b0d6d5cf867210a
SHA256

3fc169164e14573bb2335492b603edfb8be125a35c2388950fb9b40025aad452
SHA512

a5232d6adeee5755df2b34fb527704bd3f58f332d3870b46233d9776a15da29ac1f61ad218a59ca077e16ee723fd6fdd6e6c0564e3424d358ee0de859c57f89c
SSDEEP

49152:mc02mTt1KAcvLMLhsTgMVgXa0OhOWA6zfA1SavFOV+Iso8VJku9ZCZo6BFQPNU:XZmh1KhMLhsExXEhDz+IV2764U

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1660	1940	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 1660	1940	ac0380a4dc0dc0c823491e999eed307d.exe	28
PID 1940 wrote to memory of 1660	1940	ac0380a4dc0dc0c823491e999eed307d.exe	28
PID 1940 wrote to memory of 1660	1940	ac0380a4dc0dc0c823491e999eed307d.exe	28
PID 1940 wrote to memory of 1660	1940	ac0380a4dc0dc0c823491e999eed307d.exe	28

C:\Users\Admin\AppData\Local\Temp\ac0380a4dc0dc0c823491e999eed307d.exe
"C:\Users\Admin\AppData\Local\Temp\ac0380a4dc0dc0c823491e999eed307d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 88
  2⤵
  - Program crash
  PID:1660

memory/1940-0-0x0000000000400000-0x00000000007F4000-memory.dmp

Filesize
4.0MB

Download