474805ace0e25200cf213d31a90444070ebdc68ac80841f3bcb414af0566da33

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07-03-2024 01:43

Target

484c77e2fbbe44f0edf0eb59e77b1e5a.exe
Size

8.1MB
MD5

484c77e2fbbe44f0edf0eb59e77b1e5a
SHA1

e65b59a40e6cc861e88d4ebae1a753bfc89b92d4
SHA256

474805ace0e25200cf213d31a90444070ebdc68ac80841f3bcb414af0566da33
SHA512

51c5349e0b52d1c8e02b93ab079be41275ff76a41b6b404972eb696869e4ad704b434a92d5c94bf153794c12e3454d58b04bc75615132570afadf2b76b167923
SSDEEP

98304:9iy+j3/y+SE5USLbS3kkM+b25Iz9CSPv2qmxqboYhtRFXSYweFsWxVTqPkuUXqKX:srj3KuC0WeqHbokvXoeFv3qcMm

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2804 2756 WerFault.exe 484c77e2fbbe44f0edf0eb59e77b1e5a.exe

pid	pid_target	process	target process
2804	2756	WerFault.exe	484c77e2fbbe44f0edf0eb59e77b1e5a.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

484c77e2fbbe44f0edf0eb59e77b1e5a.exe

description	pid	process	target process
PID 2756 wrote to memory of 2804	2756	484c77e2fbbe44f0edf0eb59e77b1e5a.exe	WerFault.exe
PID 2756 wrote to memory of 2804	2756	484c77e2fbbe44f0edf0eb59e77b1e5a.exe	WerFault.exe
PID 2756 wrote to memory of 2804	2756	484c77e2fbbe44f0edf0eb59e77b1e5a.exe	WerFault.exe
PID 2756 wrote to memory of 2804	2756	484c77e2fbbe44f0edf0eb59e77b1e5a.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\484c77e2fbbe44f0edf0eb59e77b1e5a.exe
"C:\Users\Admin\AppData\Local\Temp\484c77e2fbbe44f0edf0eb59e77b1e5a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 36
2⤵
- Program crash
PID:2804