e46ef70bfc8c60d04126ed120ad18231297a71b8d98f8b156a763d196d01f282

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 15:08

Target

beebaa5e9bcf800d58a89bbc2b27d48e.exe
Size

4KB
MD5

beebaa5e9bcf800d58a89bbc2b27d48e
SHA1

aa1abc3e9864ea96230c5ffba12faabc0e13fe79
SHA256

e46ef70bfc8c60d04126ed120ad18231297a71b8d98f8b156a763d196d01f282
SHA512

1b751a7ec563bcf8476ee8a99308d10a250c98f1e5646e439987ddf3ffdf447b1b2b12e8a73c58da89c15ddfcbe368b5914d6b66b93b75524f951970a41e08d9
SSDEEP

48:SdnGByS49mPB4ffKBWBwQIZWbRV12pXdmDq5WwGh7883l5vCDlZklv:9XFhEpEWgpNo6Ww8xCpW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1588	1456	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 1588	1456	beebaa5e9bcf800d58a89bbc2b27d48e.exe	28
PID 1456 wrote to memory of 1588	1456	beebaa5e9bcf800d58a89bbc2b27d48e.exe	28
PID 1456 wrote to memory of 1588	1456	beebaa5e9bcf800d58a89bbc2b27d48e.exe	28
PID 1456 wrote to memory of 1588	1456	beebaa5e9bcf800d58a89bbc2b27d48e.exe	28

C:\Users\Admin\AppData\Local\Temp\beebaa5e9bcf800d58a89bbc2b27d48e.exe
"C:\Users\Admin\AppData\Local\Temp\beebaa5e9bcf800d58a89bbc2b27d48e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 92
  2⤵
  - Program crash
  PID:1588

memory/1456-0-0x0000000001000000-0x0000000001003000-memory.dmp

Filesize
12KB

Download
memory/1456-1-0x0000000001000000-0x0000000001003000-memory.dmp

Filesize
12KB

Download