3579246cad07a0f8a264dd3c4eebaae61d4a5682008ac0ead6e911861a0bcd28

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 10:12

Target

3579246cad07a0f8a264dd3c4eebaae61d4a5682008ac0ead6e911861a0bcd28.exe
Size

2.7MB
MD5

9fba10a1fb3bd3b608ac5b273d44709c
SHA1

44f08ae0e2df6d9738597284edac89b6143c1588
SHA256

3579246cad07a0f8a264dd3c4eebaae61d4a5682008ac0ead6e911861a0bcd28
SHA512

2b54a28064d1363a791ac35ed2c34b5d33abc0cf29deb000b054f336287b1f403b70bf372a6efc2b6bb8ed723365fa7a4dbfc8189104123f7ab42fbc424c3508
SSDEEP

49152:kcsMNyhifhPN5aIj/6NFbL5XX+pVDdkgPxDMJu49Ne/KyFv:XN3pPNYwSXL5sDf5DMJuog/Km

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2840	1504	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 2840	1504	3579246cad07a0f8a264dd3c4eebaae61d4a5682008ac0ead6e911861a0bcd28.exe	28
PID 1504 wrote to memory of 2840	1504	3579246cad07a0f8a264dd3c4eebaae61d4a5682008ac0ead6e911861a0bcd28.exe	28
PID 1504 wrote to memory of 2840	1504	3579246cad07a0f8a264dd3c4eebaae61d4a5682008ac0ead6e911861a0bcd28.exe	28
PID 1504 wrote to memory of 2840	1504	3579246cad07a0f8a264dd3c4eebaae61d4a5682008ac0ead6e911861a0bcd28.exe	28

C:\Users\Admin\AppData\Local\Temp\3579246cad07a0f8a264dd3c4eebaae61d4a5682008ac0ead6e911861a0bcd28.exe
"C:\Users\Admin\AppData\Local\Temp\3579246cad07a0f8a264dd3c4eebaae61d4a5682008ac0ead6e911861a0bcd28.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 88
  2⤵
  - Program crash
  PID:2840

memory/1504-0-0x0000000000FE0000-0x000000000128D000-memory.dmp

Filesize
2.7MB

Download