403f2bc5c6eb0c1920c5785daa9620e910ff4e89b7f53d719e7e14c7557552c2

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-03-2024 08:51

Target

db36221937e7d6444a2123f6cc4b3193.exe
Size

296KB
MD5

db36221937e7d6444a2123f6cc4b3193
SHA1

4c446f4f7d78cb4ae45dc4fba2b1895a78a505b7
SHA256

403f2bc5c6eb0c1920c5785daa9620e910ff4e89b7f53d719e7e14c7557552c2
SHA512

0712109f71c20e797421e27d424478c1693df7c005f6ad0b72f4aa64ba613210f163b31913b3cacda4914557d81a4794431fff3e764479e4de729627ed83e2e7
SSDEEP

3072:JHBXjAJM1Qorw2nE/YmmyAY1VHYCdD43fJLRZaimmwBRspAdM1bg0+SElYhfPZ3h:JlEMMmZYHYuD6flaFwsFkhn

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2572 2956 WerFault.exe db36221937e7d6444a2123f6cc4b3193.exe

pid	pid_target	process	target process
2572	2956	WerFault.exe	db36221937e7d6444a2123f6cc4b3193.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

db36221937e7d6444a2123f6cc4b3193.exe

description	pid	process	target process
PID 2956 wrote to memory of 2572	2956	db36221937e7d6444a2123f6cc4b3193.exe	WerFault.exe
PID 2956 wrote to memory of 2572	2956	db36221937e7d6444a2123f6cc4b3193.exe	WerFault.exe
PID 2956 wrote to memory of 2572	2956	db36221937e7d6444a2123f6cc4b3193.exe	WerFault.exe
PID 2956 wrote to memory of 2572	2956	db36221937e7d6444a2123f6cc4b3193.exe	WerFault.exe
PID 2956 wrote to memory of 2584	2956	db36221937e7d6444a2123f6cc4b3193.exe	db36221937e7d6444a2123f6cc4b3193.exe
PID 2956 wrote to memory of 2584	2956	db36221937e7d6444a2123f6cc4b3193.exe	db36221937e7d6444a2123f6cc4b3193.exe
PID 2956 wrote to memory of 2584	2956	db36221937e7d6444a2123f6cc4b3193.exe	db36221937e7d6444a2123f6cc4b3193.exe
PID 2956 wrote to memory of 2584	2956	db36221937e7d6444a2123f6cc4b3193.exe	db36221937e7d6444a2123f6cc4b3193.exe

C:\Users\Admin\AppData\Local\Temp\db36221937e7d6444a2123f6cc4b3193.exe
"C:\Users\Admin\AppData\Local\Temp\db36221937e7d6444a2123f6cc4b3193.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 132
  2⤵
  - Program crash
  PID:2572
- C:\Users\Admin\AppData\Local\Temp\db36221937e7d6444a2123f6cc4b3193.exe
  "C:\Users\Admin\AppData\Local\Temp\db36221937e7d6444a2123f6cc4b3193.exe"
  2⤵
  PID:2584

memory/2584-3-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2956-0-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2956-1-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2956-2-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download