6bb4fc8efb517d1d17eb647b5ac35ddfc38f0c23e12da43293545584aac61cb4

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-03-2024 08:55

Target

be30a79be5052741ae70f84ebabd032f.exe
Size

534KB
MD5

be30a79be5052741ae70f84ebabd032f
SHA1

ce9cb3b780c60ad766583a8a469acf259cc0f183
SHA256

6bb4fc8efb517d1d17eb647b5ac35ddfc38f0c23e12da43293545584aac61cb4
SHA512

4de54b94565b754539286a09ef4d2b757f2aeea100dc67af429223554c57dc681d2382bca9c1e7547d81fd38397e55585101682a1b01399e111d4e32b614c1b7
SSDEEP

12288:ZDM1p8H6DbjEHpsNBB/7wTQdn80Vgf9mBdC0yRYGYVT9P:G1p80bjEHpsNBB/sTQC0Of9mBduRYGK1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
772	2948	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 772	2948	be30a79be5052741ae70f84ebabd032f.exe	28
PID 2948 wrote to memory of 772	2948	be30a79be5052741ae70f84ebabd032f.exe	28
PID 2948 wrote to memory of 772	2948	be30a79be5052741ae70f84ebabd032f.exe	28
PID 2948 wrote to memory of 772	2948	be30a79be5052741ae70f84ebabd032f.exe	28

C:\Users\Admin\AppData\Local\Temp\be30a79be5052741ae70f84ebabd032f.exe
"C:\Users\Admin\AppData\Local\Temp\be30a79be5052741ae70f84ebabd032f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 136
  2⤵
  - Program crash
  PID:772