bb823d5b1fd09d476592958b22dd078c035a07d8a4a3c2f2573fa6385510c975

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-03-2024 23:15

Target

b5e732930d32595e94bc5a5a2cf19e5a.exe
Size

113KB
MD5

b5e732930d32595e94bc5a5a2cf19e5a
SHA1

e85939d216bf38d50e3dd51c63e1cb86c4c512d6
SHA256

bb823d5b1fd09d476592958b22dd078c035a07d8a4a3c2f2573fa6385510c975
SHA512

35cce3ee895881c1a4789c580603a899abb0092fe389d389a064fed6f2cc4ae82643c3ea8e4799ab7cdd99a20bdab1f283663f281457d555903fa65e982551a2
SSDEEP

3072:Y7FmWu+HIV0/3vgQp0R2FoMbgkYK664snwu4wkxqiQ24xN:yNu+oV0/3oQp0Y3Ysp1kgrbN

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2092	2072	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2092	2072	b5e732930d32595e94bc5a5a2cf19e5a.exe	28
PID 2072 wrote to memory of 2092	2072	b5e732930d32595e94bc5a5a2cf19e5a.exe	28
PID 2072 wrote to memory of 2092	2072	b5e732930d32595e94bc5a5a2cf19e5a.exe	28
PID 2072 wrote to memory of 2092	2072	b5e732930d32595e94bc5a5a2cf19e5a.exe	28

C:\Users\Admin\AppData\Local\Temp\b5e732930d32595e94bc5a5a2cf19e5a.exe
"C:\Users\Admin\AppData\Local\Temp\b5e732930d32595e94bc5a5a2cf19e5a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 36
  2⤵
  - Program crash
  PID:2092

memory/2072-0-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2072-1-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download