77ec9698c06b8ce7e4a7bb2b9d2c6aca9e0dee3221e9e9518d0f6e7b15254914

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
05-05-2024 01:12

Target

77ec9698c06b8ce7e4a7bb2b9d2c6aca9e0dee3221e9e9518d0f6e7b15254914.exe
Size

108KB
MD5

89192dcb07894c826b49aae5ced01539
SHA1

4a1e76308dfc410729302d174cf723f8771ce73c
SHA256

77ec9698c06b8ce7e4a7bb2b9d2c6aca9e0dee3221e9e9518d0f6e7b15254914
SHA512

6e919070592b49fb0e44736a93fe8f40c7e5cd3e40e2ec3e0b861db1f4022d022597f011ecd0ee6a9d52d339bb37a07cc094a166e4c0d98c3d0f1bed226f18b4
SSDEEP

1536:F0SNVjaBhazNuNHrgANsZxikCkZB5cVGpG2skiVzUn1iYfgaon4C7UqJq+:/aBMzP+hkZDcVx2skit6onN7UqJq

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2868	1888	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 2868	1888	77ec9698c06b8ce7e4a7bb2b9d2c6aca9e0dee3221e9e9518d0f6e7b15254914.exe	28
PID 1888 wrote to memory of 2868	1888	77ec9698c06b8ce7e4a7bb2b9d2c6aca9e0dee3221e9e9518d0f6e7b15254914.exe	28
PID 1888 wrote to memory of 2868	1888	77ec9698c06b8ce7e4a7bb2b9d2c6aca9e0dee3221e9e9518d0f6e7b15254914.exe	28
PID 1888 wrote to memory of 2868	1888	77ec9698c06b8ce7e4a7bb2b9d2c6aca9e0dee3221e9e9518d0f6e7b15254914.exe	28

C:\Users\Admin\AppData\Local\Temp\77ec9698c06b8ce7e4a7bb2b9d2c6aca9e0dee3221e9e9518d0f6e7b15254914.exe
"C:\Users\Admin\AppData\Local\Temp\77ec9698c06b8ce7e4a7bb2b9d2c6aca9e0dee3221e9e9518d0f6e7b15254914.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 36
  2⤵
  - Program crash
  PID:2868