63d261086f69ccec50830b5cd3f71aec0a32f4357497158f5921b3826632b0b1

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 16:22

Target

ac522a3445f74cab84c3e456df1fb608.exe
Size

129KB
MD5

ac522a3445f74cab84c3e456df1fb608
SHA1

a8bab84b20057de9457941fa59dd083bba1290dc
SHA256

63d261086f69ccec50830b5cd3f71aec0a32f4357497158f5921b3826632b0b1
SHA512

deba6c2339ad2544458b69b135a45f9e806b46f5a1e947fe7852832a25eb655f9b59bb1284db58130f9cf4070e3900613ce5d9f594c388c25948a10207c606cd
SSDEEP

3072:mA0xHR6ZbXP8lDQB9eJiKaDy4dqiFu+HbUBX6TwIC:mAqR6NXP4DQB9OaeMu+7UV6cIC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2996	2008	WerFault.exe	9

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2008	ac522a3445f74cab84c3e456df1fb608.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2996	2008	ac522a3445f74cab84c3e456df1fb608.exe	28
PID 2008 wrote to memory of 2996	2008	ac522a3445f74cab84c3e456df1fb608.exe	28
PID 2008 wrote to memory of 2996	2008	ac522a3445f74cab84c3e456df1fb608.exe	28
PID 2008 wrote to memory of 2996	2008	ac522a3445f74cab84c3e456df1fb608.exe	28

C:\Users\Admin\AppData\Local\Temp\ac522a3445f74cab84c3e456df1fb608.exe
"C:\Users\Admin\AppData\Local\Temp\ac522a3445f74cab84c3e456df1fb608.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 144
  2⤵
  - Program crash
  PID:2996

memory/2008-1-0x0000000000020000-0x000000000002A000-memory.dmp

Filesize
40KB

Download
memory/2008-0-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/2008-2-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download