bebae75f3bd53bc1286bddb1c59d43321c381fe63093900fd1a28362d3cf1a34

Analysis

max time kernel
141s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 07:00

Target

bdf852ec05009c4f80414ad63169ace6.exe
Size

542KB
MD5

bdf852ec05009c4f80414ad63169ace6
SHA1

f5980cdc0763209cb6c941f1e2a1aa7db8043199
SHA256

bebae75f3bd53bc1286bddb1c59d43321c381fe63093900fd1a28362d3cf1a34
SHA512

29000849b85b316de82387ba8935c28b236d82b60f7d9c6c41af45d9b7cebc88a29721a145bb01cfa897484a767402973b6d626eadf5ac9dcfd48eb0fc7905a2
SSDEEP

12288:Ie6cPBhTwXIMbK1R7d8IiTvSGT8gtFRHHkX+pd167QhEX+zQ:IJQTwYMb6dqIiLSGbFNkE6EhTQ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1096	2804	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 1096	2804	bdf852ec05009c4f80414ad63169ace6.exe	28
PID 2804 wrote to memory of 1096	2804	bdf852ec05009c4f80414ad63169ace6.exe	28
PID 2804 wrote to memory of 1096	2804	bdf852ec05009c4f80414ad63169ace6.exe	28
PID 2804 wrote to memory of 1096	2804	bdf852ec05009c4f80414ad63169ace6.exe	28

C:\Users\Admin\AppData\Local\Temp\bdf852ec05009c4f80414ad63169ace6.exe
"C:\Users\Admin\AppData\Local\Temp\bdf852ec05009c4f80414ad63169ace6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 88
  2⤵
  - Program crash
  PID:1096

memory/2804-1-0x00000000004D2000-0x00000000004E9000-memory.dmp

Filesize
92KB

Download
memory/2804-2-0x0000000000400000-0x00000000004E8BE2-memory.dmp

Filesize
930KB

Download
memory/2804-0-0x00000000004D2000-0x00000000004E9000-memory.dmp

Filesize
92KB

Download
memory/2804-3-0x0000000000400000-0x00000000004E8BE2-memory.dmp

Filesize
930KB

Download