9cb77f0efcd5c36b24e95b3c70a2a0603369b57e39ce9f294d918bc99b9ea05a

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 09:51

Target

e161eb544c9e464bba827ebe065ab40b.exe
Size

123KB
MD5

e161eb544c9e464bba827ebe065ab40b
SHA1

873b9d06276a90358f0306c19753ec32b8c1771b
SHA256

9cb77f0efcd5c36b24e95b3c70a2a0603369b57e39ce9f294d918bc99b9ea05a
SHA512

614fbeadc09c441f3f2deb31d4d9f0b07bd3c771c1f3df119ddcc3979f3045c61c5bc74f4e23dfd153009625592e42e035c1ce6ecd62e08ee9dba72641f55790
SSDEEP

3072:bDmU7/ysVrZ2Md5R6Hp5ZYGTypyHFjmKTbDrEGRHY0:HmkaEdnyp5WGT+ImKPXR40

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1384	2216	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 1384	2216	e161eb544c9e464bba827ebe065ab40b.exe	28
PID 2216 wrote to memory of 1384	2216	e161eb544c9e464bba827ebe065ab40b.exe	28
PID 2216 wrote to memory of 1384	2216	e161eb544c9e464bba827ebe065ab40b.exe	28
PID 2216 wrote to memory of 1384	2216	e161eb544c9e464bba827ebe065ab40b.exe	28

C:\Users\Admin\AppData\Local\Temp\e161eb544c9e464bba827ebe065ab40b.exe
"C:\Users\Admin\AppData\Local\Temp\e161eb544c9e464bba827ebe065ab40b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 92
  2⤵
  - Program crash
  PID:1384

memory/2216-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2216-1-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2216-2-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2216-3-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2216-4-0x0000000000220000-0x0000000000240000-memory.dmp

Filesize
128KB

Download