59de5a73170114fcaa984056938be9424c30681f3d8eb974296cddd50bf5a355

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-03-2024 19:06

Target

c6a549c6f3ddfbe72eeb40737a69920c.exe
Size

367KB
MD5

c6a549c6f3ddfbe72eeb40737a69920c
SHA1

694c94854c745474d1ba84748c32d82e41ebc689
SHA256

59de5a73170114fcaa984056938be9424c30681f3d8eb974296cddd50bf5a355
SHA512

973fea9d50378cbfd81b03142b9403e6ca8b9e270a5439f6ef2d193451a568851bb63a2915486c661bb95ff24eeef9deb6280935990bd8b631459e5586b31324
SSDEEP

6144:rpEcAd/Mm5ZkyUneRTnJOmQ4W4/6zA5K0TzJRCp4xRvKUllD/W13+S:rTAOm5eyUnJmCzAXTzJR3RvK6lCwS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2232	2188	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2232	2188	c6a549c6f3ddfbe72eeb40737a69920c.exe	28
PID 2188 wrote to memory of 2232	2188	c6a549c6f3ddfbe72eeb40737a69920c.exe	28
PID 2188 wrote to memory of 2232	2188	c6a549c6f3ddfbe72eeb40737a69920c.exe	28
PID 2188 wrote to memory of 2232	2188	c6a549c6f3ddfbe72eeb40737a69920c.exe	28

C:\Users\Admin\AppData\Local\Temp\c6a549c6f3ddfbe72eeb40737a69920c.exe
"C:\Users\Admin\AppData\Local\Temp\c6a549c6f3ddfbe72eeb40737a69920c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 116
  2⤵
  - Program crash
  PID:2232

memory/2188-0-0x0000000000CB0000-0x0000000000D10000-memory.dmp

Filesize
384KB

Download