7d410d6cb63e94a97e6688255ca56279bac5cacc70d37f91986f2235ce99ef8e

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 18:05 UTC

Target

2faa75c50b323133e8cbf507e6a3a4846097090d2e2c1a5afb174f798ee42a6d.exe
Size

1.2MB
MD5

fb2fec42f81a255012c589b29e4f086e
SHA1

99110b60ce21039ed15f571a46159ed2409d2ead
SHA256

2faa75c50b323133e8cbf507e6a3a4846097090d2e2c1a5afb174f798ee42a6d
SHA512

0c36b9af63f1e1aef4cd1146c9b99902fcc8ca3bd61228b163336f10085170ae31889dc1837ca0b1c547818e4bf4b60450ff1b7599b324ac22bae8290fd5e3da
SSDEEP

24576:EXixqeljPl1pVbGqvHnoPa+YioUMMn/NNT2CPQ6:EyTl1pVbGqsuM/L

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2320	1960	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2320	1960	2faa75c50b323133e8cbf507e6a3a4846097090d2e2c1a5afb174f798ee42a6d.exe	28
PID 1960 wrote to memory of 2320	1960	2faa75c50b323133e8cbf507e6a3a4846097090d2e2c1a5afb174f798ee42a6d.exe	28
PID 1960 wrote to memory of 2320	1960	2faa75c50b323133e8cbf507e6a3a4846097090d2e2c1a5afb174f798ee42a6d.exe	28
PID 1960 wrote to memory of 2320	1960	2faa75c50b323133e8cbf507e6a3a4846097090d2e2c1a5afb174f798ee42a6d.exe	28

C:\Users\Admin\AppData\Local\Temp\2faa75c50b323133e8cbf507e6a3a4846097090d2e2c1a5afb174f798ee42a6d.exe
"C:\Users\Admin\AppData\Local\Temp\2faa75c50b323133e8cbf507e6a3a4846097090d2e2c1a5afb174f798ee42a6d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 116
  2⤵
  - Program crash
  PID:2320

memory/1960-0-0x0000000000298000-0x000000000029A000-memory.dmp

Filesize
8KB

Download