e642d8ef49460249581ca4d8f9a3baac0176963a2430263b6f9040f0cb17b488

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 16:39

Target

SecuriteInfo.com.Trojan.SMSSend.3907.9013.1965.exe
Size

48KB
MD5

c92037216614920f006f476b33edd27e
SHA1

6d3226769210b78875f4615da2c88dfdc64dcaa4
SHA256

e642d8ef49460249581ca4d8f9a3baac0176963a2430263b6f9040f0cb17b488
SHA512

f296e37684dc56f90e3df13e86fe2b54620ba75e9921eceeb3c6c00c0704f4232a7439ef527b4e04684d2937a08ade5721ea00734538b4a53e660d64bf1e2e5c
SSDEEP

768:QZ8qCbwsKAi/4whkz9mg4IZHbSOaX6Q4XNkjUElKPA6nk4Ptlkt3:Qg248hg4C96qEyJPc3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
804	2268	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 804	2268	SecuriteInfo.com.Trojan.SMSSend.3907.9013.1965.exe	28
PID 2268 wrote to memory of 804	2268	SecuriteInfo.com.Trojan.SMSSend.3907.9013.1965.exe	28
PID 2268 wrote to memory of 804	2268	SecuriteInfo.com.Trojan.SMSSend.3907.9013.1965.exe	28
PID 2268 wrote to memory of 804	2268	SecuriteInfo.com.Trojan.SMSSend.3907.9013.1965.exe	28

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.SMSSend.3907.9013.1965.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.SMSSend.3907.9013.1965.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 128
  2⤵
  - Program crash
  PID:804

memory/2268-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2268-1-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download