f801d5dab80788ecc15db924a8bed255639468d6734ae70d8c70a57506dfbe90

Analysis

max time kernel
144s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-03-2024 12:37

Target

b76accd99742eca4001b3f752e65eb58.exe
Size

75KB
MD5

b76accd99742eca4001b3f752e65eb58
SHA1

8b5ab1e6f3bad628a314ad9a39a7b89ed6a37aca
SHA256

f801d5dab80788ecc15db924a8bed255639468d6734ae70d8c70a57506dfbe90
SHA512

5da1943ae093f3bacd2d02b9c1d5e9f00bfdf8415cd2bd00cdcfa93270bffeb475abc19d2bbeea141b80516f894feedc12021fa24c21bef0ebe669f220456dbc
SSDEEP

1536:pwIkLiEan703D5wok+YBTUhe+G5Jg98ITUkJmx2HNxErWMmv:pwS703u+KSe+vSITdMUHxM

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2096	2320	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2096	2320	b76accd99742eca4001b3f752e65eb58.exe	28
PID 2320 wrote to memory of 2096	2320	b76accd99742eca4001b3f752e65eb58.exe	28
PID 2320 wrote to memory of 2096	2320	b76accd99742eca4001b3f752e65eb58.exe	28
PID 2320 wrote to memory of 2096	2320	b76accd99742eca4001b3f752e65eb58.exe	28

C:\Users\Admin\AppData\Local\Temp\b76accd99742eca4001b3f752e65eb58.exe
"C:\Users\Admin\AppData\Local\Temp\b76accd99742eca4001b3f752e65eb58.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 88
  2⤵
  - Program crash
  PID:2096

memory/2320-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2320-1-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download