621d66cfdf06bb370d8c4584189c8d62c814d8afc38efa993d1da25e939318c9

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-03-2024 17:30

Target

1868-184-0x0000000000400000-0x000000000046C000-memory.exe
Size

432KB
MD5

1cd15f40f8a915ee415892df90a0587c
SHA1

1942d25653a4ac8b352e5488cfeeaf426fff4d46
SHA256

621d66cfdf06bb370d8c4584189c8d62c814d8afc38efa993d1da25e939318c9
SHA512

a377ac32a73b8441a09d9b44efcd48a87ae5b03bb15ae6a209e5f1f3886ad412786ce60bc989a8533c9054a011a85e0bd9a0c7938950b12d637adb8e3df43d63
SSDEEP

6144:z66+X5aG78XAIn2RN2iy3g8UpioUb65qJfbri5bMuCV4a7SqdBFJVkShVU:z6HX5aG782ook65G/id5CV57vZVk

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3040 3024 WerFault.exe 1868-184-0x0000000000400000-0x000000000046C000-memory.exe

pid	pid_target	process	target process
3040	3024	WerFault.exe	1868-184-0x0000000000400000-0x000000000046C000-memory.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

1868-184-0x0000000000400000-0x000000000046C000-memory.exe

description	pid	process	target process
PID 3024 wrote to memory of 3040	3024	1868-184-0x0000000000400000-0x000000000046C000-memory.exe	WerFault.exe
PID 3024 wrote to memory of 3040	3024	1868-184-0x0000000000400000-0x000000000046C000-memory.exe	WerFault.exe
PID 3024 wrote to memory of 3040	3024	1868-184-0x0000000000400000-0x000000000046C000-memory.exe	WerFault.exe
PID 3024 wrote to memory of 3040	3024	1868-184-0x0000000000400000-0x000000000046C000-memory.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\1868-184-0x0000000000400000-0x000000000046C000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\1868-184-0x0000000000400000-0x000000000046C000-memory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 36
2⤵
- Program crash
PID:3040