95a49c3be2a24093fb1ee95c109cab66e530e6d97900a50bf3166f837dd0923c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-03-2024 17:57

Target

c684832e493429b66ce7381273a8494c.exe
Size

66KB
MD5

c684832e493429b66ce7381273a8494c
SHA1

444d07bea3bdec06f1254a8fe70b507e6a62b0a3
SHA256

95a49c3be2a24093fb1ee95c109cab66e530e6d97900a50bf3166f837dd0923c
SHA512

2aa6c0f0ee87ee9f4612e9bb6f2f43f0b119071e85253a1e143fbec47d5550f02d56e23373a4d7f0b06234067030ec3e35451a43bd0aecadf7b7e35d7853ed15
SSDEEP

1536:SB0S0/95IO+5kfhB3rOmSigCJ+0p0jmmepb8hiR4wp9JkM:4agOC8/3rOmSigCJzUe58UJ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2192	1632	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 2192	1632	c684832e493429b66ce7381273a8494c.exe	28
PID 1632 wrote to memory of 2192	1632	c684832e493429b66ce7381273a8494c.exe	28
PID 1632 wrote to memory of 2192	1632	c684832e493429b66ce7381273a8494c.exe	28
PID 1632 wrote to memory of 2192	1632	c684832e493429b66ce7381273a8494c.exe	28

C:\Users\Admin\AppData\Local\Temp\c684832e493429b66ce7381273a8494c.exe
"C:\Users\Admin\AppData\Local\Temp\c684832e493429b66ce7381273a8494c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 36
  2⤵
  - Program crash
  PID:2192