0fcb0baa1d5f4c28be03a149da28c35b2583fdd341d64880ed003a2f11999287

Analysis

max time kernel
118s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 17:34

Target

0fcb0baa1d5f4c28be03a149da28c35b2583fdd341d64880ed003a2f11999287.exe
Size

312KB
MD5

52c3dfb723d7fd56faf407265395f692
SHA1

a92282929f19f35c2015e2cdc998c032398986e1
SHA256

0fcb0baa1d5f4c28be03a149da28c35b2583fdd341d64880ed003a2f11999287
SHA512

972fd32bbcb1e0844a27331ca0e6669f29246d1d64e5a0e3402faa77a93a8045e969a4f59c507813ec732fd1adc3bd60240b71db060fa43828f023f4c3718c69
SSDEEP

6144:3n4erebjhzZPo9Qg663gPlFieD888888888888W88888888888m:3n3Mjhy9QTh888888888888W88888882

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2072	2172	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2072	2172	0fcb0baa1d5f4c28be03a149da28c35b2583fdd341d64880ed003a2f11999287.exe	27
PID 2172 wrote to memory of 2072	2172	0fcb0baa1d5f4c28be03a149da28c35b2583fdd341d64880ed003a2f11999287.exe	27
PID 2172 wrote to memory of 2072	2172	0fcb0baa1d5f4c28be03a149da28c35b2583fdd341d64880ed003a2f11999287.exe	27
PID 2172 wrote to memory of 2072	2172	0fcb0baa1d5f4c28be03a149da28c35b2583fdd341d64880ed003a2f11999287.exe	27

C:\Users\Admin\AppData\Local\Temp\0fcb0baa1d5f4c28be03a149da28c35b2583fdd341d64880ed003a2f11999287.exe
"C:\Users\Admin\AppData\Local\Temp\0fcb0baa1d5f4c28be03a149da28c35b2583fdd341d64880ed003a2f11999287.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 36
  2⤵
  - Program crash
  PID:2072