c5a3dbeea17ddba50482e7844a817171580f977dcea9ad7b655d39a934b93b93

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 12:29

Target

1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe
Size

294KB
MD5

19b2c4ee9781e95ecd5db74de6fef0a9
SHA1

fd5f11a55b1d7be9afc06faa72b27d6d19706c17
SHA256

1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851
SHA512

ea137d3330c7fbdca25da29639447211fb36ca49f8e77f38b2b6428adae63ee097ce1564fd4edc0742b39c13854d868dc87f8f08bfa9b5698ad2149a7c1843ef
SSDEEP

6144:hTwlNlUt5IpFvjcFRh2/GpOZMNG5L3cYp8eesbZ6O0:QlUt5IpJMLp8J3N8eesbIO0

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1912 2008 WerFault.exe 1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe

pid	pid_target	process	target process
1912	2008	WerFault.exe	1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe

description	pid	process	target process
PID 2008 wrote to memory of 1912	2008	1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe	WerFault.exe
PID 2008 wrote to memory of 1912	2008	1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe	WerFault.exe
PID 2008 wrote to memory of 1912	2008	1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe	WerFault.exe
PID 2008 wrote to memory of 1912	2008	1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe
"C:\Users\Admin\AppData\Local\Temp\1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 92
2⤵
- Program crash
PID:1912

memory/2008-0-0x0000000000C29000-0x0000000000C2A000-memory.dmp

Filesize
4KB

Download