4f08b470c4f96116c5ffc2c00a09e6ab22915bfcd6965a1abc94f7523e11037c

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 21:21

Target

c1a1dd9bf20b087c5f407f600aacb7b9.exe
Size

17KB
MD5

c1a1dd9bf20b087c5f407f600aacb7b9
SHA1

fcba5d4b78f817c2768cfc408d56ea0ccb63afc5
SHA256

4f08b470c4f96116c5ffc2c00a09e6ab22915bfcd6965a1abc94f7523e11037c
SHA512

366aff0aa41e24e3e7cc941de2008f63d92291e88bfae2495e7ca6bcfe6ee98a54a81c403faf0fc03534ab333ab30c9ba832d53f6577f01f0734e459ffff417f
SSDEEP

384:8A7eu3DbDqtR8wZFC9pC/8TM65ALKgXEzEEZPDt481/oZ6Zb9Apt/8TM65ALlaJ/:81u3DHqtqwZFC9pC/8TM65ALKgXEzEEB

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2520	3020	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 2520	3020	c1a1dd9bf20b087c5f407f600aacb7b9.exe	28
PID 3020 wrote to memory of 2520	3020	c1a1dd9bf20b087c5f407f600aacb7b9.exe	28
PID 3020 wrote to memory of 2520	3020	c1a1dd9bf20b087c5f407f600aacb7b9.exe	28
PID 3020 wrote to memory of 2520	3020	c1a1dd9bf20b087c5f407f600aacb7b9.exe	28

C:\Users\Admin\AppData\Local\Temp\c1a1dd9bf20b087c5f407f600aacb7b9.exe
"C:\Users\Admin\AppData\Local\Temp\c1a1dd9bf20b087c5f407f600aacb7b9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 36
  2⤵
  - Program crash
  PID:2520