eec213a010640856ea35344c9ec80413799677165d66abbc4acafab758b3a655

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 02:28

Target

bd6eb31c5c26234861b8f412ec794343.exe
Size

340KB
MD5

bd6eb31c5c26234861b8f412ec794343
SHA1

65da30b95ffb7a3cf8e86b5740d1b185a246288f
SHA256

eec213a010640856ea35344c9ec80413799677165d66abbc4acafab758b3a655
SHA512

769a794e5a4169fbb70efc53eff87eac71b560a221f48972d743d700e797000121b3a77b6a29617bc6acefa23eb7033bb643fc238e01c4698968831ea175324b
SSDEEP

6144:NOYXUi9M4clGvSlvHn3ycOi4Y2B4WPQrE2y31ckWXkvY6C15gV49t8Dp3x0Ew+g3:NOYN9mP1H3ycp4B4WPuJyFc5XCY6C7gg

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2984	2920	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 2984	2920	bd6eb31c5c26234861b8f412ec794343.exe	28
PID 2920 wrote to memory of 2984	2920	bd6eb31c5c26234861b8f412ec794343.exe	28
PID 2920 wrote to memory of 2984	2920	bd6eb31c5c26234861b8f412ec794343.exe	28
PID 2920 wrote to memory of 2984	2920	bd6eb31c5c26234861b8f412ec794343.exe	28

C:\Users\Admin\AppData\Local\Temp\bd6eb31c5c26234861b8f412ec794343.exe
"C:\Users\Admin\AppData\Local\Temp\bd6eb31c5c26234861b8f412ec794343.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 176
  2⤵
  - Program crash
  PID:2984