120b9ffdd3a10c2d764c81b4e8b12e0102ceb93a7bd21826003932d0450d9b30

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
02-04-2024 05:55

Target

WiFiScanner.exe
Size

10.7MB
MD5

e25c94fae888367a13213fbde3b31848
SHA1

c66d2011141465294884a3960a45d1b1dec334ed
SHA256

120b9ffdd3a10c2d764c81b4e8b12e0102ceb93a7bd21826003932d0450d9b30
SHA512

1985ef0e4581dc1f58535b813e4a3d823c04bc24b65b9a05c3dc4b6efb67d06570f5ab6d02d61a571cf0a29df6ef9ed89c27f0fc982c3da59e4fac5b87153755
SSDEEP

196608:tFfjwCBkyoikjCkeNYTcQwPHCkeNYTcQwcctTYCkeNYTcQw:nmylv7C

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
1184	2412	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

WiFiScanner.exe

description	pid	Process	procid_target
PID 2412 wrote to memory of 1184	2412	WiFiScanner.exe	28
PID 2412 wrote to memory of 1184	2412	WiFiScanner.exe	28
PID 2412 wrote to memory of 1184	2412	WiFiScanner.exe	28
PID 2412 wrote to memory of 1184	2412	WiFiScanner.exe	28

C:\Users\Admin\AppData\Local\Temp\WiFiScanner.exe
"C:\Users\Admin\AppData\Local\Temp\WiFiScanner.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 660
  2⤵
  - Program crash
  PID:1184

memory/2412-0-0x0000000074C20000-0x000000007530E000-memory.dmp

Filesize
6.9MB

Download
memory/2412-1-0x0000000000010000-0x0000000000AC2000-memory.dmp

Filesize
10.7MB

Download
memory/2412-2-0x0000000005860000-0x00000000058A0000-memory.dmp

Filesize
256KB

Download
memory/2412-3-0x0000000074C20000-0x000000007530E000-memory.dmp

Filesize
6.9MB

Download
memory/2412-4-0x0000000005860000-0x00000000058A0000-memory.dmp

Filesize
256KB

Download