68301328213b207a356da751f39342c1acd7927887c4463f02485d7936a43cd3

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 05:59

Target

c5270b8d6ea3b77a0ec41908cd0dfde1.exe
Size

548KB
MD5

c5270b8d6ea3b77a0ec41908cd0dfde1
SHA1

332e70356620c82f5d7fb73a770a783d68389545
SHA256

68301328213b207a356da751f39342c1acd7927887c4463f02485d7936a43cd3
SHA512

4d22c9d7c0311aab79f5ac17b83f662592fc775e4e59c7ac5ce9959474ccff1f8f2575594c24a05db10a3ba7091639fcd065a958f8b52d777f052bf285919f58
SSDEEP

12288:rBuqGFSj2NdrGMXmnDCr9LkDQoyazsfTGuk9lBgZNzjgRqIMe:nGzNdrrmnDK9LGw7olOWpX

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1448	2240	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 1448	2240	c5270b8d6ea3b77a0ec41908cd0dfde1.exe	28
PID 2240 wrote to memory of 1448	2240	c5270b8d6ea3b77a0ec41908cd0dfde1.exe	28
PID 2240 wrote to memory of 1448	2240	c5270b8d6ea3b77a0ec41908cd0dfde1.exe	28
PID 2240 wrote to memory of 1448	2240	c5270b8d6ea3b77a0ec41908cd0dfde1.exe	28

C:\Users\Admin\AppData\Local\Temp\c5270b8d6ea3b77a0ec41908cd0dfde1.exe
"C:\Users\Admin\AppData\Local\Temp\c5270b8d6ea3b77a0ec41908cd0dfde1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 48
  2⤵
  - Program crash
  PID:1448