df50e88cdc283283db23658c52adb6d37e55d4a38da81d63be2c23c190e6d979

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 17:57

Target

19408d20edf49736ff3e86b9c52dcd2bf4b3da61eff72888392b2de04e27351b.exe
Size

306KB
MD5

b309c1dadd09e6991ed90c6ccac7badb
SHA1

845485b9ae931e443c488e65d44cb2bc4ce48e99
SHA256

19408d20edf49736ff3e86b9c52dcd2bf4b3da61eff72888392b2de04e27351b
SHA512

3ed5e276f089e112169d41de199b35ff81055913b5d17c2edc6e1d4087e4aaf594662d6b62ef96d9da67865b641d2ea09166d90139a9b5e0f98bac9ff0c0bbd6
SSDEEP

6144:t7Zt9vSWh60RVAtljy114ZGaWCk1LixTtG3Xzd8nn+OJyL98p:5ZSWhH+Z81+Gzunn+qyL98p

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2816	1668	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 2816	1668	19408d20edf49736ff3e86b9c52dcd2bf4b3da61eff72888392b2de04e27351b.exe	28
PID 1668 wrote to memory of 2816	1668	19408d20edf49736ff3e86b9c52dcd2bf4b3da61eff72888392b2de04e27351b.exe	28
PID 1668 wrote to memory of 2816	1668	19408d20edf49736ff3e86b9c52dcd2bf4b3da61eff72888392b2de04e27351b.exe	28
PID 1668 wrote to memory of 2816	1668	19408d20edf49736ff3e86b9c52dcd2bf4b3da61eff72888392b2de04e27351b.exe	28

C:\Users\Admin\AppData\Local\Temp\19408d20edf49736ff3e86b9c52dcd2bf4b3da61eff72888392b2de04e27351b.exe
"C:\Users\Admin\AppData\Local\Temp\19408d20edf49736ff3e86b9c52dcd2bf4b3da61eff72888392b2de04e27351b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 88
  2⤵
  - Program crash
  PID:2816

memory/1668-0-0x0000000001128000-0x0000000001129000-memory.dmp

Filesize
4KB

Download