e608f1e9a06f9ff00378968f616242eb3e09b8d22481c8d99d9ae9bf1d26c0a6

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-03-2024 08:05

Target

c5622bb285f1f184c7f35caef783a653.exe
Size

31KB
MD5

c5622bb285f1f184c7f35caef783a653
SHA1

1cbdac48ca02def130dbb9aa2d9a42c9320d4151
SHA256

e608f1e9a06f9ff00378968f616242eb3e09b8d22481c8d99d9ae9bf1d26c0a6
SHA512

988e248e8d3bec013f02212fcc1714c1ed3c3b33a41092dea6f9e828815e51a783c8335c5b09e3e5790eafc49657e8bf00bfd8b94960591896641dd284dd194f
SSDEEP

768:WKu4EIgI2EDTUtljOomhozhACKf3C0VW+RXu5SEAOXCJsLxcY:n/EETuxOwzKCK/Kue5SEAGOY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3040	2892	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 3040	2892	c5622bb285f1f184c7f35caef783a653.exe	28
PID 2892 wrote to memory of 3040	2892	c5622bb285f1f184c7f35caef783a653.exe	28
PID 2892 wrote to memory of 3040	2892	c5622bb285f1f184c7f35caef783a653.exe	28
PID 2892 wrote to memory of 3040	2892	c5622bb285f1f184c7f35caef783a653.exe	28

C:\Users\Admin\AppData\Local\Temp\c5622bb285f1f184c7f35caef783a653.exe
"C:\Users\Admin\AppData\Local\Temp\c5622bb285f1f184c7f35caef783a653.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 144
  2⤵
  - Program crash
  PID:3040

memory/2892-0-0x00000000001F0000-0x00000000001F7000-memory.dmp

Filesize
28KB

Download
memory/2892-1-0x00000000001F0000-0x00000000001F7000-memory.dmp

Filesize
28KB

Download