b4946246b47822485c0d8626cdd50b1828d6bc5d3efac8c846c5eba83655bf0b

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 15:52

Target

bba6c0f2f4b5c40847de595c3df05be3.exe
Size

368KB
MD5

bba6c0f2f4b5c40847de595c3df05be3
SHA1

05c4eb6bfd4cf155966abeaf0d9edafb9a0b2274
SHA256

b4946246b47822485c0d8626cdd50b1828d6bc5d3efac8c846c5eba83655bf0b
SHA512

aaeb4a3c73d1b427ba0265fed1d1ed8d3847e5f52e4683e5288924f904c09273ea440ff9ba7a6b4de4e039d86486bcc633d49be48557aaeffcaac2f42bd5d5e7
SSDEEP

6144:RTAp4naqm5GR/0N4Ftn6vicI8qtQQenKDFujBeqSDgzB8jk3b:R041m5Q/0N4L9xYus1NSD2Cg3b

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1756	924	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 924 wrote to memory of 1756	924	bba6c0f2f4b5c40847de595c3df05be3.exe	28
PID 924 wrote to memory of 1756	924	bba6c0f2f4b5c40847de595c3df05be3.exe	28
PID 924 wrote to memory of 1756	924	bba6c0f2f4b5c40847de595c3df05be3.exe	28
PID 924 wrote to memory of 1756	924	bba6c0f2f4b5c40847de595c3df05be3.exe	28

C:\Users\Admin\AppData\Local\Temp\bba6c0f2f4b5c40847de595c3df05be3.exe
"C:\Users\Admin\AppData\Local\Temp\bba6c0f2f4b5c40847de595c3df05be3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:924
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 116
  2⤵
  - Program crash
  PID:1756

memory/924-0-0x0000000000FF0000-0x0000000001050000-memory.dmp

Filesize
384KB

Download