5fbb9e411fa3a0899de205980351ca1d175ffb25b3eadfcc21ee9e78a3c20683

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 13:16

Target

SpaceInfo.exe
Size

11KB
MD5

9dbc8f4b5a2b9a8dfc4b04b2d4371cfb
SHA1

3d57e9e616365b4312744f03ce68746450bfb387
SHA256

5fbb9e411fa3a0899de205980351ca1d175ffb25b3eadfcc21ee9e78a3c20683
SHA512

f83e3d0637dfe94595711dfb856cf53a9d4d29ead9db89ab814269900a572a54f61a1a9bc11445e0e59209ee488b8c1addd0de75d0e12f946ac568d9f8694f4a
SSDEEP

192:3VPXz05OVprL2a0+2nXeFXJ9LL3LKLLfwOgh5pJXkj9fGDgT:3RBprL2a0nXc59LL3LKLjwvHkfmg

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2844	1772	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 2844	1772	SpaceInfo.exe	28
PID 1772 wrote to memory of 2844	1772	SpaceInfo.exe	28
PID 1772 wrote to memory of 2844	1772	SpaceInfo.exe	28
PID 1772 wrote to memory of 2844	1772	SpaceInfo.exe	28

C:\Users\Admin\AppData\Local\Temp\SpaceInfo.exe
"C:\Users\Admin\AppData\Local\Temp\SpaceInfo.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 604
  2⤵
  - Program crash
  PID:2844

memory/1772-1-0x0000000073F20000-0x000000007460E000-memory.dmp

Filesize
6.9MB

Download
memory/1772-0-0x0000000001330000-0x000000000133A000-memory.dmp

Filesize
40KB

Download
memory/1772-2-0x0000000000590000-0x00000000005D0000-memory.dmp

Filesize
256KB

Download
memory/1772-3-0x0000000073F20000-0x000000007460E000-memory.dmp

Filesize
6.9MB

Download
memory/1772-4-0x0000000000590000-0x00000000005D0000-memory.dmp

Filesize
256KB

Download