aac2b46137f1c3eca6b718f58eee1781b55b04dcf76797c6d04373ec8082363c

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-03-2024 08:10

Target

c2e0c0edc9452dd449e0f632c147d20f.exe
Size

321KB
MD5

c2e0c0edc9452dd449e0f632c147d20f
SHA1

2ea176214775938b4f8fe99eb658ba0f0d1bd89e
SHA256

aac2b46137f1c3eca6b718f58eee1781b55b04dcf76797c6d04373ec8082363c
SHA512

60c5ba3ea337f61e27304ec7e6564d6a5461dcd245a982a2a993b16cb02c0f769e0a800fcf2a7ce7f760bd408515f020aec5bb2397a735a8d05624aa83db240b
SSDEEP

6144:OTj1OTEKnsub1upoH7td/tQqG56Prd3Z5NBA3r14lJDNIli:OFOoKnsub6oHprG5+3a7STYi

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2888	1368	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 2888	1368	c2e0c0edc9452dd449e0f632c147d20f.exe	28
PID 1368 wrote to memory of 2888	1368	c2e0c0edc9452dd449e0f632c147d20f.exe	28
PID 1368 wrote to memory of 2888	1368	c2e0c0edc9452dd449e0f632c147d20f.exe	28
PID 1368 wrote to memory of 2888	1368	c2e0c0edc9452dd449e0f632c147d20f.exe	28

C:\Users\Admin\AppData\Local\Temp\c2e0c0edc9452dd449e0f632c147d20f.exe
"C:\Users\Admin\AppData\Local\Temp\c2e0c0edc9452dd449e0f632c147d20f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 116
  2⤵
  - Program crash
  PID:2888

memory/1368-0-0x00000000011B0000-0x0000000001205000-memory.dmp

Filesize
340KB

Download