902ae2401d8b52e36263fb7e450573897c81268482fec3be9e720bc8da5bb637

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 14:15

Target

df5d7c4cb6ec3fa51d47c00588b11828.exe
Size

41KB
MD5

df5d7c4cb6ec3fa51d47c00588b11828
SHA1

568569742fd7aae4f891d7559ccda6cf86db0c49
SHA256

902ae2401d8b52e36263fb7e450573897c81268482fec3be9e720bc8da5bb637
SHA512

a9f8fd6bb9ebad7a70801b18387449b8f10d8abfd24b159bed917733fc07d43583091e2086bfe748be7f0aaa6b24e7733d57807075d295bb9d871df8b73be120
SSDEEP

768:sFBl/oBjdHtIaQsm8KR2ke0LzEyf9yAj5cF8PpbliXXxZ1kI3OS9l3xm:sFXsjHIaQYKR2kPLzff9HtcF8Jlinb1d

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1636	2164	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 1636	2164	df5d7c4cb6ec3fa51d47c00588b11828.exe	28
PID 2164 wrote to memory of 1636	2164	df5d7c4cb6ec3fa51d47c00588b11828.exe	28
PID 2164 wrote to memory of 1636	2164	df5d7c4cb6ec3fa51d47c00588b11828.exe	28
PID 2164 wrote to memory of 1636	2164	df5d7c4cb6ec3fa51d47c00588b11828.exe	28

C:\Users\Admin\AppData\Local\Temp\df5d7c4cb6ec3fa51d47c00588b11828.exe
"C:\Users\Admin\AppData\Local\Temp\df5d7c4cb6ec3fa51d47c00588b11828.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 88
  2⤵
  - Program crash
  PID:1636

memory/2164-0-0x0000000000400000-0x0000000000422146-memory.dmp

Filesize
136KB

Download
memory/2164-1-0x0000000000400000-0x0000000000422146-memory.dmp

Filesize
136KB

Download