e376d23f48816e9d9a8d74cc9f8891b6fed2cff46d2b0efe989d8272b05931f2

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 18:43

Target

ADCollector.exe
Size

528KB
MD5

134c6a513d534a01404f19b2730d68bf
SHA1

2eb961f3ac9940e967959ab9722973815cfc8b18
SHA256

e376d23f48816e9d9a8d74cc9f8891b6fed2cff46d2b0efe989d8272b05931f2
SHA512

26deb96d906460bc465f0de81eb94902e428ec1450a7cc0a9f16a4f73a7e86bc610a0bf6c413e40495deb81ea093972b5b087eed2434ef04f91abb5e971025f0
SSDEEP

12288:Crh1z1E7TxBL927cmjrLf+V696Wsvl66rl6dsk:6EqcI/fly06Md

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2940	3000	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2940	3000	ADCollector.exe	29
PID 3000 wrote to memory of 2940	3000	ADCollector.exe	29
PID 3000 wrote to memory of 2940	3000	ADCollector.exe	29
PID 3000 wrote to memory of 2940	3000	ADCollector.exe	29

C:\Users\Admin\AppData\Local\Temp\ADCollector.exe
"C:\Users\Admin\AppData\Local\Temp\ADCollector.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 600
  2⤵
  - Program crash
  PID:2940

memory/3000-0-0x0000000001200000-0x000000000128A000-memory.dmp

Filesize
552KB

Download
memory/3000-1-0x0000000074160000-0x000000007484E000-memory.dmp

Filesize
6.9MB

Download
memory/3000-2-0x0000000001080000-0x00000000010C0000-memory.dmp

Filesize
256KB

Download
memory/3000-3-0x0000000000320000-0x0000000000358000-memory.dmp

Filesize
224KB

Download
memory/3000-4-0x00000000010C0000-0x000000000119C000-memory.dmp

Filesize
880KB

Download
memory/3000-5-0x0000000074160000-0x000000007484E000-memory.dmp

Filesize
6.9MB

Download
memory/3000-6-0x0000000001080000-0x00000000010C0000-memory.dmp

Filesize
256KB

Download