9bf42d30009d4ddad615b803ba623f0520c82c23439142288ce711002d7b3292

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 14:50

Target

6eeb3d69d9979df74b9c482de2344395f5470b94f07494b4a4dd74fb5d286069.exe
Size

527KB
MD5

e37cabc57eb01eeee18f0fe54dbf50ed
SHA1

2d8fb6568c8b5bee977bf86c45295ec17943e1ae
SHA256

6eeb3d69d9979df74b9c482de2344395f5470b94f07494b4a4dd74fb5d286069
SHA512

115cc30d1e2c0ac66ed22908e2f433209d318b79b58e2df5b2b2e44b3890208c87abe5147d21009b3f5362f7bca79324ae1c44d916232981813fdd2e8c89314a
SSDEEP

12288:HZIeNiEvQJt6ygIYBz0birVU2fROWON90Xp:HZIsvQwzHHh1

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2444 2488 WerFault.exe 6eeb3d69d9979df74b9c482de2344395f5470b94f07494b4a4dd74fb5d286069.exe

pid	pid_target	process	target process
2444	2488	WerFault.exe	6eeb3d69d9979df74b9c482de2344395f5470b94f07494b4a4dd74fb5d286069.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

6eeb3d69d9979df74b9c482de2344395f5470b94f07494b4a4dd74fb5d286069.exe

description	pid	process	target process
PID 2488 wrote to memory of 2444	2488	6eeb3d69d9979df74b9c482de2344395f5470b94f07494b4a4dd74fb5d286069.exe	WerFault.exe
PID 2488 wrote to memory of 2444	2488	6eeb3d69d9979df74b9c482de2344395f5470b94f07494b4a4dd74fb5d286069.exe	WerFault.exe
PID 2488 wrote to memory of 2444	2488	6eeb3d69d9979df74b9c482de2344395f5470b94f07494b4a4dd74fb5d286069.exe	WerFault.exe
PID 2488 wrote to memory of 2444	2488	6eeb3d69d9979df74b9c482de2344395f5470b94f07494b4a4dd74fb5d286069.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\6eeb3d69d9979df74b9c482de2344395f5470b94f07494b4a4dd74fb5d286069.exe
"C:\Users\Admin\AppData\Local\Temp\6eeb3d69d9979df74b9c482de2344395f5470b94f07494b4a4dd74fb5d286069.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 52
  2⤵
  - Program crash
  PID:2444

memory/2488-0-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download
memory/2488-1-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download