9805f81a13aaa68a2026a38b70b1fdd1d76fee0ff63916c669d728c6e4dc3b7e

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 17:47

Target

c567fbb4ecb66496889cc136a63ac18310c18ecd83880c4c83fb29e71c63d51d.exe
Size

306KB
MD5

5289c70cd98e713d4074b37ccdb48139
SHA1

6711a067f0228f67e0585df2ca478b361124244c
SHA256

c567fbb4ecb66496889cc136a63ac18310c18ecd83880c4c83fb29e71c63d51d
SHA512

4819dbc5b0fd6b56eaa5a45adb78db8a62982fd7bcf127decf0a41254ae5b9d572cfbfd1fd08038cf1083d0e788f53f476d583600169b8eb537811ab8ceb8b00
SSDEEP

6144:1oZd9vSWh60RVAtljy11wMChzxz2+aPie45e8q/4I1mupJyL985:CZiWhHWVbFaKeb8q/4uf7yL985

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2368	856	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 2368	856	c567fbb4ecb66496889cc136a63ac18310c18ecd83880c4c83fb29e71c63d51d.exe	28
PID 856 wrote to memory of 2368	856	c567fbb4ecb66496889cc136a63ac18310c18ecd83880c4c83fb29e71c63d51d.exe	28
PID 856 wrote to memory of 2368	856	c567fbb4ecb66496889cc136a63ac18310c18ecd83880c4c83fb29e71c63d51d.exe	28
PID 856 wrote to memory of 2368	856	c567fbb4ecb66496889cc136a63ac18310c18ecd83880c4c83fb29e71c63d51d.exe	28

C:\Users\Admin\AppData\Local\Temp\c567fbb4ecb66496889cc136a63ac18310c18ecd83880c4c83fb29e71c63d51d.exe
"C:\Users\Admin\AppData\Local\Temp\c567fbb4ecb66496889cc136a63ac18310c18ecd83880c4c83fb29e71c63d51d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 88
  2⤵
  - Program crash
  PID:2368

memory/856-0-0x0000000001188000-0x0000000001189000-memory.dmp

Filesize
4KB

Download