e72929714ffd6a0db54595b91d4766c305cdb44d3eb1d7ab62412fa951726166

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 12:49

Target

c5eae2c19f7b7c50a90b2460c1475703.exe
Size

13KB
MD5

c5eae2c19f7b7c50a90b2460c1475703
SHA1

2faaa23db521d4a4a3ed9b4f21a070f1d72b0273
SHA256

e72929714ffd6a0db54595b91d4766c305cdb44d3eb1d7ab62412fa951726166
SHA512

d23232c3c7e316ec3b982ae056de345bfdcf26d8d1c999ad3a25b7da2768231505bfc1baaa14fc8b756821e0d8a08c2a4b4b09482e93dc85982c41538d05bc01
SSDEEP

192:9OM+rYuTOC5gYz60Z8QQde3KyWkQfS7fX7N+blMxEMEvLg7M9ddbg7P1aOvdpmjE:9OMgYubNHcByV7fEacTh9dq79ausHHu

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1448	2696	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 1448	2696	c5eae2c19f7b7c50a90b2460c1475703.exe	28
PID 2696 wrote to memory of 1448	2696	c5eae2c19f7b7c50a90b2460c1475703.exe	28
PID 2696 wrote to memory of 1448	2696	c5eae2c19f7b7c50a90b2460c1475703.exe	28
PID 2696 wrote to memory of 1448	2696	c5eae2c19f7b7c50a90b2460c1475703.exe	28

C:\Users\Admin\AppData\Local\Temp\c5eae2c19f7b7c50a90b2460c1475703.exe
"C:\Users\Admin\AppData\Local\Temp\c5eae2c19f7b7c50a90b2460c1475703.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 36
  2⤵
  - Program crash
  PID:1448

memory/2696-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download