a6f3385452c3e02cf67a6308113c7501ed40ad71e6009cd319c8e4689617e68a

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/03/2024, 02:38

Target

d7acd0ace8c9c4edc021724d6acc9d8d.exe
Size

96KB
MD5

d7acd0ace8c9c4edc021724d6acc9d8d
SHA1

96b7b214b8eaeb0fc71bc34d4ee1f86989021d93
SHA256

a6f3385452c3e02cf67a6308113c7501ed40ad71e6009cd319c8e4689617e68a
SHA512

4ca36dde4137e4216d80f50d5aac60b6c36866c6d84918874f61b608ac57ffdef5b3971507ed8d0190ebb72beb224146984e27fb6416971b2f35f9934b51e6f5
SSDEEP

1536:dtjtioHWCnCjXY7WpATNYxluOBchSWSNtNE/uWY4njnB5:dxT23jXpw8lpWSNA//ZnX

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2696	2128	WerFault.exe	27

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2128	d7acd0ace8c9c4edc021724d6acc9d8d.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2696	2128	d7acd0ace8c9c4edc021724d6acc9d8d.exe	28
PID 2128 wrote to memory of 2696	2128	d7acd0ace8c9c4edc021724d6acc9d8d.exe	28
PID 2128 wrote to memory of 2696	2128	d7acd0ace8c9c4edc021724d6acc9d8d.exe	28
PID 2128 wrote to memory of 2696	2128	d7acd0ace8c9c4edc021724d6acc9d8d.exe	28
PID 2128 wrote to memory of 2696	2128	d7acd0ace8c9c4edc021724d6acc9d8d.exe	28
PID 2128 wrote to memory of 2696	2128	d7acd0ace8c9c4edc021724d6acc9d8d.exe	28
PID 2128 wrote to memory of 2696	2128	d7acd0ace8c9c4edc021724d6acc9d8d.exe	28

C:\Users\Admin\AppData\Local\Temp\d7acd0ace8c9c4edc021724d6acc9d8d.exe
"C:\Users\Admin\AppData\Local\Temp\d7acd0ace8c9c4edc021724d6acc9d8d.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 308
  2⤵
  - Program crash
  PID:2696

memory/2128-0-0x00000000002B0000-0x00000000002C3000-memory.dmp

Filesize
76KB

Download
memory/2128-1-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2128-2-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download