52ceaa6886ea38ffbc284d4dfdd6285171e63ded9454770a42da0b36f68e9658

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-03-2024 02:58

Target

bfa9a692c59869a4e505289d2af6ea48.exe
Size

50KB
MD5

bfa9a692c59869a4e505289d2af6ea48
SHA1

5f93bf3d1666203f684076ef04d832f86121000a
SHA256

52ceaa6886ea38ffbc284d4dfdd6285171e63ded9454770a42da0b36f68e9658
SHA512

6e1c526ddc0595fde5dc967083534b5c84df9faf5030f3bd62ac8aad69170f49dbf8ed6076132f24d7948201fbc059354a1a1eb908c6f36fda2ae5f62d9e00b3
SSDEEP

768:hDB/d+pCfgr4w0E2zWVjsO1bH/09SfvQgP/fL5P8G2JkFpEXo27:hNVD2iEIysgzLfogPL5EJj4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2772	1636	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2772	1636	bfa9a692c59869a4e505289d2af6ea48.exe	28
PID 1636 wrote to memory of 2772	1636	bfa9a692c59869a4e505289d2af6ea48.exe	28
PID 1636 wrote to memory of 2772	1636	bfa9a692c59869a4e505289d2af6ea48.exe	28
PID 1636 wrote to memory of 2772	1636	bfa9a692c59869a4e505289d2af6ea48.exe	28

C:\Users\Admin\AppData\Local\Temp\bfa9a692c59869a4e505289d2af6ea48.exe
"C:\Users\Admin\AppData\Local\Temp\bfa9a692c59869a4e505289d2af6ea48.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 88
  2⤵
  - Program crash
  PID:2772

memory/1636-0-0x00000000003A0000-0x00000000003A3000-memory.dmp

Filesize
12KB

Download