824c5bd7be2e9f387499be100c251a9c414b350ef9da7bcca232704be5b20c7a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 21:27

Target

824c5bd7be2e9f387499be100c251a9c414b350ef9da7bcca232704be5b20c7a.exe
Size

110KB
MD5

969c23480ac828f515d08b63fdb5e6d3
SHA1

da12246c6938607eebb6fdc9d595bf935f235756
SHA256

824c5bd7be2e9f387499be100c251a9c414b350ef9da7bcca232704be5b20c7a
SHA512

e47215008d16e498a9b5d4c367aa4d6f609cbcefd268cab9df6922cf5134f1010a4491799d40ad03fe484f425eddeeb3b84a584ead4323c459bb7b567f48f6c9
SSDEEP

1536:eySox7anKHfHdhR9kl5pbkBBZiGWrTb7JBuZ37ZFZ8K2RIZvJGksCdtbIPMSj:LxQeFhRybQgr7JBi8K2qdtsCAkS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1276	2796	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 1276	2796	824c5bd7be2e9f387499be100c251a9c414b350ef9da7bcca232704be5b20c7a.exe	28
PID 2796 wrote to memory of 1276	2796	824c5bd7be2e9f387499be100c251a9c414b350ef9da7bcca232704be5b20c7a.exe	28
PID 2796 wrote to memory of 1276	2796	824c5bd7be2e9f387499be100c251a9c414b350ef9da7bcca232704be5b20c7a.exe	28
PID 2796 wrote to memory of 1276	2796	824c5bd7be2e9f387499be100c251a9c414b350ef9da7bcca232704be5b20c7a.exe	28

C:\Users\Admin\AppData\Local\Temp\824c5bd7be2e9f387499be100c251a9c414b350ef9da7bcca232704be5b20c7a.exe
"C:\Users\Admin\AppData\Local\Temp\824c5bd7be2e9f387499be100c251a9c414b350ef9da7bcca232704be5b20c7a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 36
  2⤵
  - Program crash
  PID:1276

memory/2796-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download