5836451c9426981ad8a6bc6279d0a59e8bad0dcf3828d5ba8d9f3e871e6cc1cd

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 22:40

Target

c1c9b91e058ed965fd819e8f5d62c4b6.exe
Size

75KB
MD5

c1c9b91e058ed965fd819e8f5d62c4b6
SHA1

8b2fb5581ba19ca0d4002041af345a59bbd508df
SHA256

5836451c9426981ad8a6bc6279d0a59e8bad0dcf3828d5ba8d9f3e871e6cc1cd
SHA512

733c9b9015d03aa616ec4964df7111fbaf75d4c68a5e63456605ef2bcfe5d8a68adc51ba990cad68c6440737b9bb158fd8cf86e7c31d15c1998d8caa59e99c27
SSDEEP

1536:n1N42ahZyDRrC/Edz4Bm2gsf9MxbaVAAD1KlUbMtj9UM00WJo:M5Ir9sB/f9MVAhdM85

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2840	1404	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 2840	1404	c1c9b91e058ed965fd819e8f5d62c4b6.exe	28
PID 1404 wrote to memory of 2840	1404	c1c9b91e058ed965fd819e8f5d62c4b6.exe	28
PID 1404 wrote to memory of 2840	1404	c1c9b91e058ed965fd819e8f5d62c4b6.exe	28
PID 1404 wrote to memory of 2840	1404	c1c9b91e058ed965fd819e8f5d62c4b6.exe	28

C:\Users\Admin\AppData\Local\Temp\c1c9b91e058ed965fd819e8f5d62c4b6.exe
"C:\Users\Admin\AppData\Local\Temp\c1c9b91e058ed965fd819e8f5d62c4b6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 144
  2⤵
  - Program crash
  PID:2840

memory/1404-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1404-1-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download