1cc2b57f1ee8569e4ebf7b7de77ade7d99d8d7ce290793be9392c1707823e788

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 00:35

Target

c4855ac360c50bf6499c9ef58d62194e.exe
Size

579KB
MD5

c4855ac360c50bf6499c9ef58d62194e
SHA1

436fdc41098720f8c33670a573c61506da46e42c
SHA256

1cc2b57f1ee8569e4ebf7b7de77ade7d99d8d7ce290793be9392c1707823e788
SHA512

2fc1e2eb4dd5602053547f538c680bbe097435be20d1c95f505f3e2fb2ad9680690647f2aae837e957f83ad2f006402100b3c9735841701d6e1424902cbe2549
SSDEEP

12288:aBBxjFqIL9UqypkPNY2LUUkyBFVPlY/doXuXbRg3Dgyv5hZKIZ:aBLpjLeqKGNDUUk2VPlMdcKg3Dgfa

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2328	1312	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 2328	1312	c4855ac360c50bf6499c9ef58d62194e.exe	28
PID 1312 wrote to memory of 2328	1312	c4855ac360c50bf6499c9ef58d62194e.exe	28
PID 1312 wrote to memory of 2328	1312	c4855ac360c50bf6499c9ef58d62194e.exe	28
PID 1312 wrote to memory of 2328	1312	c4855ac360c50bf6499c9ef58d62194e.exe	28

C:\Users\Admin\AppData\Local\Temp\c4855ac360c50bf6499c9ef58d62194e.exe
"C:\Users\Admin\AppData\Local\Temp\c4855ac360c50bf6499c9ef58d62194e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 156
  2⤵
  - Program crash
  PID:2328

memory/1312-0-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/1312-1-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download