2a57fa0e264c30123d79d5a18397ff8ecfce4d9f58a5938c968ad3a9dd12e935

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 15:21

Target

613e8de3b5eba303bd2dc0b5d2f2f3df3586c0f63c31eb1f2c60f4e30e70dda6.exe
Size

1.2MB
MD5

78cdac30810324709d9ded08c4501f8d
SHA1

083f16342f0ef90d57321b873ad972a16b168f86
SHA256

613e8de3b5eba303bd2dc0b5d2f2f3df3586c0f63c31eb1f2c60f4e30e70dda6
SHA512

8b5e989df009891bf8178718e4fe9bf38e4f421c6295d1ebcc30eaa7762958a9009f7cfeadd18d508f7483e6fe043dad9a7181b6dc3b511fc205d35ae1e31890
SSDEEP

24576:VnBoveElInZKRPgiGilvvTd1YYWTsywSs6E:VBeInZKRPgiGiNYdTVm

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1508	1412	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 1508	1412	613e8de3b5eba303bd2dc0b5d2f2f3df3586c0f63c31eb1f2c60f4e30e70dda6.exe	28
PID 1412 wrote to memory of 1508	1412	613e8de3b5eba303bd2dc0b5d2f2f3df3586c0f63c31eb1f2c60f4e30e70dda6.exe	28
PID 1412 wrote to memory of 1508	1412	613e8de3b5eba303bd2dc0b5d2f2f3df3586c0f63c31eb1f2c60f4e30e70dda6.exe	28
PID 1412 wrote to memory of 1508	1412	613e8de3b5eba303bd2dc0b5d2f2f3df3586c0f63c31eb1f2c60f4e30e70dda6.exe	28

C:\Users\Admin\AppData\Local\Temp\613e8de3b5eba303bd2dc0b5d2f2f3df3586c0f63c31eb1f2c60f4e30e70dda6.exe
"C:\Users\Admin\AppData\Local\Temp\613e8de3b5eba303bd2dc0b5d2f2f3df3586c0f63c31eb1f2c60f4e30e70dda6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 116
  2⤵
  - Program crash
  PID:1508

memory/1412-0-0x00000000012C6000-0x00000000012C7000-memory.dmp

Filesize
4KB

Download