279f70f8d613b56d7e1e54fd07d90966ea748150ec126cc0f478f98f3d820b20

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-03-2024 17:47

Target

Uninstall.exe
Size

264KB
MD5

54221bb5ad6bdd8754f1af444ee653dc
SHA1

5637874c59d44f0c825525adfc6a26fe99b5ee40
SHA256

06602741f0c4e31c03f402c3e5f97bb5e962ec8de695e1771f7c224532353de2
SHA512

184e79abb9bb79ed59e1620d9c45a0513ef61fb318f9c0cc05f169a24092a240b8e59726995a02efeef7ccd564b24db4ba930024f3dd8c23fa686e7aead4bad5
SSDEEP

3072:Lfi3kJoZjDh1duijc/s/Lm1NN5rv3KYnCeAF41C7DqFwiW7JY6ajJJ70+n6Xi:LfLJoZ57p/LmraeAFuyIW7N+Oi

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2832	2340	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 2832	2340	Uninstall.exe	28
PID 2340 wrote to memory of 2832	2340	Uninstall.exe	28
PID 2340 wrote to memory of 2832	2340	Uninstall.exe	28
PID 2340 wrote to memory of 2832	2340	Uninstall.exe	28

C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 160
  2⤵
  - Program crash
  PID:2832