6907d4161971ff2db1f57aea5fddcba0bcce50fd887f738004fe4315b895993d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
07-03-2024 11:09

Target

b897bb28577334750df48e98194145f5.exe
Size

124KB
MD5

b897bb28577334750df48e98194145f5
SHA1

bb063a7b53a5edcb2f09f300753cb79a3445272e
SHA256

6907d4161971ff2db1f57aea5fddcba0bcce50fd887f738004fe4315b895993d
SHA512

85dc40a7e99aa00f454d12cbf4cfd646b4be5c08ffa2881bf0c65fff9d047de57a3e2540bffea3ab7da89d9ff2a77c97fe47d375f282694c4b7acd58076bc529
SSDEEP

3072:UJn52XoWJZvcetdL+Wkyr2Uo/5Mg09lnpzQ0G2zI2Za:UJinVtdyEqhRMg09lnVQh28

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2720	2916	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2720	2916	b897bb28577334750df48e98194145f5.exe	28
PID 2916 wrote to memory of 2720	2916	b897bb28577334750df48e98194145f5.exe	28
PID 2916 wrote to memory of 2720	2916	b897bb28577334750df48e98194145f5.exe	28
PID 2916 wrote to memory of 2720	2916	b897bb28577334750df48e98194145f5.exe	28

C:\Users\Admin\AppData\Local\Temp\b897bb28577334750df48e98194145f5.exe
"C:\Users\Admin\AppData\Local\Temp\b897bb28577334750df48e98194145f5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 36
  2⤵
  - Program crash
  PID:2720

memory/2916-0-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download