ca22299f7826e3f004e5fbb9579f8ab02d0c5a24b0c622835b9a17f48feadeee

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 05:11

Target

ba99b6f2d2ae63421e19ed4ef501c3b1.exe
Size

261KB
MD5

ba99b6f2d2ae63421e19ed4ef501c3b1
SHA1

f99879aa6fc7aab46633271f1e34344cc0ad00b1
SHA256

ca22299f7826e3f004e5fbb9579f8ab02d0c5a24b0c622835b9a17f48feadeee
SHA512

ec301205f50d118cb17c6c159e9e4b726e424a8d250d7d2979b94e2fb89ebf734adf2bf8649efe229390c3a151381a5d9f0a161a8b57bf177cbcdf32fbc7f9d4
SSDEEP

6144:lBWUV+ziUcC3h8W9w4oeDee9EBas3FIxbR+d+9zY7/IKabv1mtTB32H:LWUGxQ+9EbIz1mtTO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
624	1764	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 624	1764	ba99b6f2d2ae63421e19ed4ef501c3b1.exe	28
PID 1764 wrote to memory of 624	1764	ba99b6f2d2ae63421e19ed4ef501c3b1.exe	28
PID 1764 wrote to memory of 624	1764	ba99b6f2d2ae63421e19ed4ef501c3b1.exe	28
PID 1764 wrote to memory of 624	1764	ba99b6f2d2ae63421e19ed4ef501c3b1.exe	28

C:\Users\Admin\AppData\Local\Temp\ba99b6f2d2ae63421e19ed4ef501c3b1.exe
"C:\Users\Admin\AppData\Local\Temp\ba99b6f2d2ae63421e19ed4ef501c3b1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 88
  2⤵
  - Program crash
  PID:624