7d9a782e407aa7479de60d21e51d903b5c6807e1588a2ba80bd57755ac508c22

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 01:42

Target

7d9a782e407aa7479de60d21e51d903b5c6807e1588a2ba80bd57755ac508c22.exe
Size

897KB
MD5

79a8e0b9dc77d7fa0e3d76e5c24e4610
SHA1

20260773744062f9bd729dac49414ad70eba435e
SHA256

7d9a782e407aa7479de60d21e51d903b5c6807e1588a2ba80bd57755ac508c22
SHA512

c23498d4d9d3d06e347619f9b1d2c55e41a0fbf6197640d45303abe01593d14e5aad88aeea42e851e6b2fd726ec6d7eaeb6afe49e5188e58d1d2736a34092c80
SSDEEP

12288:1EtsXuc2tZHp4nKhQ/CxQ0nAej0aHgS3gCRIHW842ZKf5q+Q9CLCVCICB0:1EmQHeqDnAPQhX842ZKc+skqT80

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2376	1376	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 2376	1376	7d9a782e407aa7479de60d21e51d903b5c6807e1588a2ba80bd57755ac508c22.exe	28
PID 1376 wrote to memory of 2376	1376	7d9a782e407aa7479de60d21e51d903b5c6807e1588a2ba80bd57755ac508c22.exe	28
PID 1376 wrote to memory of 2376	1376	7d9a782e407aa7479de60d21e51d903b5c6807e1588a2ba80bd57755ac508c22.exe	28
PID 1376 wrote to memory of 2376	1376	7d9a782e407aa7479de60d21e51d903b5c6807e1588a2ba80bd57755ac508c22.exe	28

C:\Users\Admin\AppData\Local\Temp\7d9a782e407aa7479de60d21e51d903b5c6807e1588a2ba80bd57755ac508c22.exe
"C:\Users\Admin\AppData\Local\Temp\7d9a782e407aa7479de60d21e51d903b5c6807e1588a2ba80bd57755ac508c22.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 552
  2⤵
  - Program crash
  PID:2376

memory/1376-0-0x0000000074D0E000-0x0000000074D0F000-memory.dmp

Filesize
4KB

Download
memory/1376-1-0x00000000001C0000-0x00000000002A6000-memory.dmp

Filesize
920KB

Download
memory/1376-2-0x0000000074D0E000-0x0000000074D0F000-memory.dmp

Filesize
4KB

Download