407e925765602aded6e8f8502eacdf581d3e21aa0ff2950ec47f3e76d9b6415f

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 19:53

Target

b588bf876ae67cb90933a1bfbb2dd139.exe
Size

56KB
MD5

b588bf876ae67cb90933a1bfbb2dd139
SHA1

ac63091182d0fab86c55b2182addd9e699f7ced9
SHA256

407e925765602aded6e8f8502eacdf581d3e21aa0ff2950ec47f3e76d9b6415f
SHA512

9d39e15249e6fe108f782ce7182a5ac8a2a37b60a801e5cf6f924367d947801edb6f6aac11248be4c7d02d663d34ba12bf861ddab30ea82870d17ba9bd860a77
SSDEEP

768:Ay6JBmMuUy5MkR+22m2pZzP/argzvv2JtAUslqi594323SPgs46r8tW0jp068cOA:A/5NwiUsPB3SPwalkasH

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2988	2460	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2988	2460	b588bf876ae67cb90933a1bfbb2dd139.exe	28
PID 2460 wrote to memory of 2988	2460	b588bf876ae67cb90933a1bfbb2dd139.exe	28
PID 2460 wrote to memory of 2988	2460	b588bf876ae67cb90933a1bfbb2dd139.exe	28
PID 2460 wrote to memory of 2988	2460	b588bf876ae67cb90933a1bfbb2dd139.exe	28

C:\Users\Admin\AppData\Local\Temp\b588bf876ae67cb90933a1bfbb2dd139.exe
"C:\Users\Admin\AppData\Local\Temp\b588bf876ae67cb90933a1bfbb2dd139.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 36
  2⤵
  - Program crash
  PID:2988