7debeddf2bad1267fe1573789a954dd2e7fbedbe226f8f6e8ea179865922e635

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 06:00

Target

b3f70ca0d6059d46c8218e3f66190ca2.exe
Size

36KB
MD5

b3f70ca0d6059d46c8218e3f66190ca2
SHA1

d336e0eb18f076e6e70b458a9b786df0cc9ddb39
SHA256

7debeddf2bad1267fe1573789a954dd2e7fbedbe226f8f6e8ea179865922e635
SHA512

14777dbcd29f6eed5bf5563d90698dd52de883ffb5cb99ac54321cfeccd560a9016ec8922ef890b893538f51d5aef18f34c8010056991c4340bf122e9a8dfa17
SSDEEP

768:RNFfXOhlKoLxtCt74y/842kGim5admgS0CX6MMBA8Ed:VCKoLD+h/84UimkdDME9q

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2932	2692	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2932	2692	b3f70ca0d6059d46c8218e3f66190ca2.exe	28
PID 2692 wrote to memory of 2932	2692	b3f70ca0d6059d46c8218e3f66190ca2.exe	28
PID 2692 wrote to memory of 2932	2692	b3f70ca0d6059d46c8218e3f66190ca2.exe	28
PID 2692 wrote to memory of 2932	2692	b3f70ca0d6059d46c8218e3f66190ca2.exe	28

C:\Users\Admin\AppData\Local\Temp\b3f70ca0d6059d46c8218e3f66190ca2.exe
"C:\Users\Admin\AppData\Local\Temp\b3f70ca0d6059d46c8218e3f66190ca2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 96
  2⤵
  - Program crash
  PID:2932

memory/2692-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download