6b963416dfbca00a14c58ca5a90c1221b517d6d3c545fcf1ec1b712d62323b6a

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 20:14

Target

b080ac4f95b55fddba73806add9cbdcb.exe
Size

60KB
MD5

b080ac4f95b55fddba73806add9cbdcb
SHA1

da04f754d252788ffe4a0498e6ad66db40a60c7b
SHA256

6b963416dfbca00a14c58ca5a90c1221b517d6d3c545fcf1ec1b712d62323b6a
SHA512

be17ef9276460ea45d3485fd1712e7016a36b4178a006790b409cda687d3e5f84e224dce9112634fb4021a513eb51c1f8d10d5bc21bc89c926a4a98c9e8c6361
SSDEEP

768:9ShNo1A22+KOSPRzNSKTB2IO4PIIuYUh61wTaeD8jXoapuLX8fWIRu83EJT+4PIV:96LL+KOSF7pIvgwTahXXti5IvgwT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2768	2576	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 2768	2576	b080ac4f95b55fddba73806add9cbdcb.exe	29
PID 2576 wrote to memory of 2768	2576	b080ac4f95b55fddba73806add9cbdcb.exe	29
PID 2576 wrote to memory of 2768	2576	b080ac4f95b55fddba73806add9cbdcb.exe	29
PID 2576 wrote to memory of 2768	2576	b080ac4f95b55fddba73806add9cbdcb.exe	29

C:\Users\Admin\AppData\Local\Temp\b080ac4f95b55fddba73806add9cbdcb.exe
"C:\Users\Admin\AppData\Local\Temp\b080ac4f95b55fddba73806add9cbdcb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 552
  2⤵
  - Program crash
  PID:2768

memory/2576-0-0x00000000009E0000-0x00000000009F4000-memory.dmp

Filesize
80KB

Download
memory/2576-1-0x0000000074640000-0x0000000074D2E000-memory.dmp

Filesize
6.9MB

Download
memory/2576-2-0x0000000074640000-0x0000000074D2E000-memory.dmp

Filesize
6.9MB

Download