eaa9e40eb041392d34f5af7412301a40b407942d310f0526d0830853f8c6f51d

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 00:47 UTC

Target

ca0ec1bb30fdd631a3ef78e16098a46b.exe
Size

76KB
MD5

ca0ec1bb30fdd631a3ef78e16098a46b
SHA1

6bedbdf9ca916dc68ba0ed8587a15a065d289bdf
SHA256

eaa9e40eb041392d34f5af7412301a40b407942d310f0526d0830853f8c6f51d
SHA512

1489f58218913d1d19421da846b7b89867e010b082303992008ae21831fe7f8724dc99c0b477e86bf4cf82b54387ff445d0f16c795db0e050525b24b3a934e28
SSDEEP

1536:i/ePyXHZ7DA4BfBrmTiXvvvUgbFNCuACP1DIgN:IeSHZ7DTBfBrB/UgbFNCuAq2C

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2484	2180	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2484	2180	ca0ec1bb30fdd631a3ef78e16098a46b.exe	28
PID 2180 wrote to memory of 2484	2180	ca0ec1bb30fdd631a3ef78e16098a46b.exe	28
PID 2180 wrote to memory of 2484	2180	ca0ec1bb30fdd631a3ef78e16098a46b.exe	28
PID 2180 wrote to memory of 2484	2180	ca0ec1bb30fdd631a3ef78e16098a46b.exe	28

C:\Users\Admin\AppData\Local\Temp\ca0ec1bb30fdd631a3ef78e16098a46b.exe
"C:\Users\Admin\AppData\Local\Temp\ca0ec1bb30fdd631a3ef78e16098a46b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 108
  2⤵
  - Program crash
  PID:2484

memory/2180-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2180-1-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download