21d8546a8b076913954978e7b45544683a203dfa9792326315b6c00946f2a543

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 04:46

Target

bdb27251b6d837b58a22d2f616c95b46.exe
Size

23KB
MD5

bdb27251b6d837b58a22d2f616c95b46
SHA1

7fd544fa58685faf4a2a6b72a8d36115fce55900
SHA256

21d8546a8b076913954978e7b45544683a203dfa9792326315b6c00946f2a543
SHA512

36f74e403eba265cbc4c70562d06e4b39bca89a97ca8abc7bf20b629d8fe88e700c88476ed463e57f03ef80a0bfba9b494eecaa81d1df47c9702f38245e2b629
SSDEEP

384:4/7fr5wsgBjzjKPLAGnvztPOdAdYfPenyDVMenIvWzh06VGJOvm29ce:ei/VjKzAGdON2nQueIs06hC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1728	2508	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 1728	2508	bdb27251b6d837b58a22d2f616c95b46.exe	28
PID 2508 wrote to memory of 1728	2508	bdb27251b6d837b58a22d2f616c95b46.exe	28
PID 2508 wrote to memory of 1728	2508	bdb27251b6d837b58a22d2f616c95b46.exe	28
PID 2508 wrote to memory of 1728	2508	bdb27251b6d837b58a22d2f616c95b46.exe	28

C:\Users\Admin\AppData\Local\Temp\bdb27251b6d837b58a22d2f616c95b46.exe
"C:\Users\Admin\AppData\Local\Temp\bdb27251b6d837b58a22d2f616c95b46.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 44
  2⤵
  - Program crash
  PID:1728