37c56a194b18a07158241c39365789eafc2c14a4573c11fac61e3d30977477cc

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05-03-2024 08:27

Target

b440d9cc9645e240f59719a56b4a7d70.exe
Size

180KB
MD5

b440d9cc9645e240f59719a56b4a7d70
SHA1

573b100bb08628a0431f858cb218954f698b1bda
SHA256

37c56a194b18a07158241c39365789eafc2c14a4573c11fac61e3d30977477cc
SHA512

5629d0980c8a88d577f183ceee745dfd50a0c9277dd92d391a2ee7a39f1c6e34ea46defbe0ccf0aed6094c166f083241b073864333fb7a48221355edf1cf1827
SSDEEP

3072:+70b5VZRhIgwr7fSIDXDrLfD/SdDhX0gTtoGqcPmi/mbsTXTY+ifiEY+ct91M/n6:+7SXZRhIXLXfDGdhZGcvsSY+pEY+S91F

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2948	2792	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2948	2792	b440d9cc9645e240f59719a56b4a7d70.exe	28
PID 2792 wrote to memory of 2948	2792	b440d9cc9645e240f59719a56b4a7d70.exe	28
PID 2792 wrote to memory of 2948	2792	b440d9cc9645e240f59719a56b4a7d70.exe	28
PID 2792 wrote to memory of 2948	2792	b440d9cc9645e240f59719a56b4a7d70.exe	28

C:\Users\Admin\AppData\Local\Temp\b440d9cc9645e240f59719a56b4a7d70.exe
"C:\Users\Admin\AppData\Local\Temp\b440d9cc9645e240f59719a56b4a7d70.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 116
  2⤵
  - Program crash
  PID:2948

memory/2792-0-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2792-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2792-2-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2792-3-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download