a2234ee40097fa832eb3a533840e86de3933cf216fbf8445d2946cb7b61c887b

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 13:03

Target

a2234ee40097fa832eb3a533840e86de3933cf216fbf8445d2946cb7b61c887b.exe
Size

1.3MB
MD5

70ef45cb31af0b6f37be051de4170839
SHA1

1539d0c2657b60a8f75d130faf4ae1468263d103
SHA256

a2234ee40097fa832eb3a533840e86de3933cf216fbf8445d2946cb7b61c887b
SHA512

f9ec1b19e701fa27e7c4060cd22b99cbb4d710e909f97839c4bfb5b1e70d6216b20a19f6b302cbd0f39cd58a8a42c8d6f91154281fee0676720ae85501df36aa
SSDEEP

24576:PQH3XnBXnXwS64TJxaAZNdaV9m7R4OaJR+zrwC/vNw6mpe:PQHHBXVd4A1bD

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2188	2264	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2188	2264	a2234ee40097fa832eb3a533840e86de3933cf216fbf8445d2946cb7b61c887b.exe	28
PID 2264 wrote to memory of 2188	2264	a2234ee40097fa832eb3a533840e86de3933cf216fbf8445d2946cb7b61c887b.exe	28
PID 2264 wrote to memory of 2188	2264	a2234ee40097fa832eb3a533840e86de3933cf216fbf8445d2946cb7b61c887b.exe	28
PID 2264 wrote to memory of 2188	2264	a2234ee40097fa832eb3a533840e86de3933cf216fbf8445d2946cb7b61c887b.exe	28

C:\Users\Admin\AppData\Local\Temp\a2234ee40097fa832eb3a533840e86de3933cf216fbf8445d2946cb7b61c887b.exe
"C:\Users\Admin\AppData\Local\Temp\a2234ee40097fa832eb3a533840e86de3933cf216fbf8445d2946cb7b61c887b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 540
  2⤵
  - Program crash
  PID:2188

memory/2264-0-0x0000000001060000-0x00000000011BA000-memory.dmp

Filesize
1.4MB

Download
memory/2264-1-0x0000000073EE0000-0x00000000745CE000-memory.dmp

Filesize
6.9MB

Download
memory/2264-2-0x0000000073EE0000-0x00000000745CE000-memory.dmp

Filesize
6.9MB

Download