b42e3612dd0c8b361288a7e67087ed618e73fb9554ddd0d0a953603a9b66f94d

Analysis

max time kernel
117s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 14:03

Target

cb9844b937c6120fe88c5393cbd1f380.exe
Size

97KB
MD5

cb9844b937c6120fe88c5393cbd1f380
SHA1

ecee58c2f2b706d0164650a226b67da3d61f8d97
SHA256

b42e3612dd0c8b361288a7e67087ed618e73fb9554ddd0d0a953603a9b66f94d
SHA512

701272c8462f78552a7514a96f9c0ae432132e709447f84c8f668e0c706a9d53607166a39eb0b17343af5a6c5c95c1cac8762d40d356fa5a8881875027394d7f
SSDEEP

1536:TEikblh4WLb5oW9FnDH+fApdpTBvHir6aOvJ3zhB1Eq:PkblbLdo0DH+fKdp5Hy6a0z6q

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2372	1692	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 2372	1692	cb9844b937c6120fe88c5393cbd1f380.exe	28
PID 1692 wrote to memory of 2372	1692	cb9844b937c6120fe88c5393cbd1f380.exe	28
PID 1692 wrote to memory of 2372	1692	cb9844b937c6120fe88c5393cbd1f380.exe	28
PID 1692 wrote to memory of 2372	1692	cb9844b937c6120fe88c5393cbd1f380.exe	28

C:\Users\Admin\AppData\Local\Temp\cb9844b937c6120fe88c5393cbd1f380.exe
"C:\Users\Admin\AppData\Local\Temp\cb9844b937c6120fe88c5393cbd1f380.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 140
  2⤵
  - Program crash
  PID:2372

memory/1692-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/1692-1-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download