151141d42b5ce9dc05d02c78f72c007b03147e763c48f0c98c936a2b681d2f94

Analysis

max time kernel
152s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 08:19

Target

e13592f601074bf32bddf6ad859c11ae.exe
Size

553KB
MD5

e13592f601074bf32bddf6ad859c11ae
SHA1

875586167568662052a9d20e8b1074cb6e9bddad
SHA256

151141d42b5ce9dc05d02c78f72c007b03147e763c48f0c98c936a2b681d2f94
SHA512

73180872b7358f827bc50363a54b48b85ad8daa3e264c7be36d9eddc00293f8b07054c4b9154e5fbf97369bc1968ec756208b5b48e314b20ef917e6416c3f8e8
SSDEEP

12288:UZYvTElm9MDeoeWyQqlwfJ3VdOD7PMTzBDKrccj9/taasvMd:UZkYlm9MKoeWWyR/JWVEE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2460	844	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 2460	844	e13592f601074bf32bddf6ad859c11ae.exe	28
PID 844 wrote to memory of 2460	844	e13592f601074bf32bddf6ad859c11ae.exe	28
PID 844 wrote to memory of 2460	844	e13592f601074bf32bddf6ad859c11ae.exe	28
PID 844 wrote to memory of 2460	844	e13592f601074bf32bddf6ad859c11ae.exe	28

C:\Users\Admin\AppData\Local\Temp\e13592f601074bf32bddf6ad859c11ae.exe
"C:\Users\Admin\AppData\Local\Temp\e13592f601074bf32bddf6ad859c11ae.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:844
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 36
  2⤵
  - Program crash
  PID:2460

memory/844-0-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download