080bc1b64561cf736cc2f559fee970441a5e4a5fdb8683779ad70209a5029e67

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/03/2024, 17:11

Target

080bc1b64561cf736cc2f559fee970441a5e4a5fdb8683779ad70209a5029e67.exe
Size

526KB
MD5

7646cbbc3c1468d8ac89388bcae0343a
SHA1

9cca5c5178f064508f3e59feb46662ed9933c4fe
SHA256

080bc1b64561cf736cc2f559fee970441a5e4a5fdb8683779ad70209a5029e67
SHA512

a4430d100462702b300d27fa880ce8cebccd3575344b694913adca5aef8a1aca595edffbb0cec480e6db173dffaaff8ae2967067f11e381c9b912cb27f33b791
SSDEEP

3072:wCaoAs101Pol0xPTM7mRCAdJSSxPUkl3VZMQTCk/dN92sdNhavtrVdewnAx3wmVJ:wqDAwl0xPTMiR9JSSxPUK1dodHg

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2772	2956	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2772	2956	080bc1b64561cf736cc2f559fee970441a5e4a5fdb8683779ad70209a5029e67.exe	28
PID 2956 wrote to memory of 2772	2956	080bc1b64561cf736cc2f559fee970441a5e4a5fdb8683779ad70209a5029e67.exe	28
PID 2956 wrote to memory of 2772	2956	080bc1b64561cf736cc2f559fee970441a5e4a5fdb8683779ad70209a5029e67.exe	28
PID 2956 wrote to memory of 2772	2956	080bc1b64561cf736cc2f559fee970441a5e4a5fdb8683779ad70209a5029e67.exe	28

C:\Users\Admin\AppData\Local\Temp\080bc1b64561cf736cc2f559fee970441a5e4a5fdb8683779ad70209a5029e67.exe
"C:\Users\Admin\AppData\Local\Temp\080bc1b64561cf736cc2f559fee970441a5e4a5fdb8683779ad70209a5029e67.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 36
  2⤵
  - Program crash
  PID:2772