2fa961b375e2da330a3b514d2c64bff25f393a2a58adb19f2372609308426060

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 14:38

Target

604faa1b561362f508b03ad69516b2debf7434ce4ec5f42177ba41cf3907cbed.exe
Size

1.2MB
MD5

16b7af3083fac493eac54ee538577c48
SHA1

1ef2e6b67099fc395003b84a9a204944190d90fe
SHA256

604faa1b561362f508b03ad69516b2debf7434ce4ec5f42177ba41cf3907cbed
SHA512

8169e8b0459ee101fa0cb349b68909ddc13ed9acaf11cc533a2fc2585ced4a8508a956565fa525d6a87f787b4f104035efce40158eed9b8a86138e7c26b8ee46
SSDEEP

24576:Eb65d297HFpZVrMWP3LLaK1iU4ecMC7GaUiaNQlY:EusFpZVrMWlE6CCTN

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2204	1976	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2204	1976	604faa1b561362f508b03ad69516b2debf7434ce4ec5f42177ba41cf3907cbed.exe	28
PID 1976 wrote to memory of 2204	1976	604faa1b561362f508b03ad69516b2debf7434ce4ec5f42177ba41cf3907cbed.exe	28
PID 1976 wrote to memory of 2204	1976	604faa1b561362f508b03ad69516b2debf7434ce4ec5f42177ba41cf3907cbed.exe	28
PID 1976 wrote to memory of 2204	1976	604faa1b561362f508b03ad69516b2debf7434ce4ec5f42177ba41cf3907cbed.exe	28

C:\Users\Admin\AppData\Local\Temp\604faa1b561362f508b03ad69516b2debf7434ce4ec5f42177ba41cf3907cbed.exe
"C:\Users\Admin\AppData\Local\Temp\604faa1b561362f508b03ad69516b2debf7434ce4ec5f42177ba41cf3907cbed.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 116
  2⤵
  - Program crash
  PID:2204

memory/1976-0-0x0000000000B12000-0x0000000000B13000-memory.dmp

Filesize
4KB

Download