f6a395732f5dfe45c1b53e1a544f31826d5f310499de2170e9064ac9605a913e

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 18:21

Target

9c51d813e0b6dfff0694c63e6d13665bb46ddf09cedb2159d701913f09142374.exe
Size

1.2MB
MD5

2147c11ffa13334a34f408d09dcf41c0
SHA1

a8d54ee44c76e334ed711da869eabbb138edc075
SHA256

9c51d813e0b6dfff0694c63e6d13665bb46ddf09cedb2159d701913f09142374
SHA512

491312f8f9c40fc85b5ec96b1c35515e401c61c42c126ec4d9ea44a01cb2e555b4c653fa5f4add5303ae28f1d11a02d301f850af8125e0803fc8c6abbe1223d3
SSDEEP

24576:aFbBVjq4OlBp29oNIn8iagVCU8ubYEobt2j:ax8lBp29oNMYuwtc

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2208	2104	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2208	2104	9c51d813e0b6dfff0694c63e6d13665bb46ddf09cedb2159d701913f09142374.exe	28
PID 2104 wrote to memory of 2208	2104	9c51d813e0b6dfff0694c63e6d13665bb46ddf09cedb2159d701913f09142374.exe	28
PID 2104 wrote to memory of 2208	2104	9c51d813e0b6dfff0694c63e6d13665bb46ddf09cedb2159d701913f09142374.exe	28
PID 2104 wrote to memory of 2208	2104	9c51d813e0b6dfff0694c63e6d13665bb46ddf09cedb2159d701913f09142374.exe	28

C:\Users\Admin\AppData\Local\Temp\9c51d813e0b6dfff0694c63e6d13665bb46ddf09cedb2159d701913f09142374.exe
"C:\Users\Admin\AppData\Local\Temp\9c51d813e0b6dfff0694c63e6d13665bb46ddf09cedb2159d701913f09142374.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 116
  2⤵
  - Program crash
  PID:2208

memory/2104-0-0x0000000000439000-0x000000000043B000-memory.dmp

Filesize
8KB

Download