f05332c356874b3b03651bf02fd0d6eb194a1f771f4b0e25178270fa1ad0ddb7

Analysis

max time kernel
142s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 01:16

Target

bd470a5f38a9948f393fc1670036cfbc.exe
Size

63KB
MD5

bd470a5f38a9948f393fc1670036cfbc
SHA1

93295cfe788025e22c225d899ff8ad7c13e1dff9
SHA256

f05332c356874b3b03651bf02fd0d6eb194a1f771f4b0e25178270fa1ad0ddb7
SHA512

46834db2e20253de1b84ad57518884c7ba3f0513847f34c09ffe44f04a7cff239e966deb2f6ea91877cf32c45169db919292af01b863f22932fe2e70cfb21bbd
SSDEEP

1536:rHRu5wxQHzRFrwRPmnqc81NgilUi3oMQa0Vrw1JtDMYTx4mMMf:rWkyXfnqhUmwa0VrSJVZxMS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3000	364	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 364 wrote to memory of 3000	364	bd470a5f38a9948f393fc1670036cfbc.exe	28
PID 364 wrote to memory of 3000	364	bd470a5f38a9948f393fc1670036cfbc.exe	28
PID 364 wrote to memory of 3000	364	bd470a5f38a9948f393fc1670036cfbc.exe	28
PID 364 wrote to memory of 3000	364	bd470a5f38a9948f393fc1670036cfbc.exe	28

C:\Users\Admin\AppData\Local\Temp\bd470a5f38a9948f393fc1670036cfbc.exe
"C:\Users\Admin\AppData\Local\Temp\bd470a5f38a9948f393fc1670036cfbc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 148
  2⤵
  - Program crash
  PID:3000

memory/364-0-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download