9bf42d30009d4ddad615b803ba623f0520c82c23439142288ce711002d7b3292

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 14:50

Target

7f4e22792482af87ecb52079082a4c33f24544a6b37c4e5da40ac1ac7f9ca3bb.exe
Size

332KB
MD5

d84439daf93489d765085cc2f32f6cc5
SHA1

0590cf46425d0e6872b91aacfa9ee77ba360910e
SHA256

7f4e22792482af87ecb52079082a4c33f24544a6b37c4e5da40ac1ac7f9ca3bb
SHA512

8640f95d913066e653a3014e40dc283667e4b8ab09f8494b87f99371632cb3910e7cda9850c10d974a6ae336e750d68ac0154fe124bd88d2c5bcd1d87dc39c22
SSDEEP

6144:UFpwxf1gbCn4EXza9J+0rrCJJRgyghmqL7D1XkA59Kje+0Xp:UXbbCn4EXzt5oyggqLV0R30Xp

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3036 1032 WerFault.exe 7f4e22792482af87ecb52079082a4c33f24544a6b37c4e5da40ac1ac7f9ca3bb.exe

pid	pid_target	process	target process
3036	1032	WerFault.exe	7f4e22792482af87ecb52079082a4c33f24544a6b37c4e5da40ac1ac7f9ca3bb.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

7f4e22792482af87ecb52079082a4c33f24544a6b37c4e5da40ac1ac7f9ca3bb.exe

description	pid	process	target process
PID 1032 wrote to memory of 3036	1032	7f4e22792482af87ecb52079082a4c33f24544a6b37c4e5da40ac1ac7f9ca3bb.exe	WerFault.exe
PID 1032 wrote to memory of 3036	1032	7f4e22792482af87ecb52079082a4c33f24544a6b37c4e5da40ac1ac7f9ca3bb.exe	WerFault.exe
PID 1032 wrote to memory of 3036	1032	7f4e22792482af87ecb52079082a4c33f24544a6b37c4e5da40ac1ac7f9ca3bb.exe	WerFault.exe
PID 1032 wrote to memory of 3036	1032	7f4e22792482af87ecb52079082a4c33f24544a6b37c4e5da40ac1ac7f9ca3bb.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\7f4e22792482af87ecb52079082a4c33f24544a6b37c4e5da40ac1ac7f9ca3bb.exe
"C:\Users\Admin\AppData\Local\Temp\7f4e22792482af87ecb52079082a4c33f24544a6b37c4e5da40ac1ac7f9ca3bb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 52
2⤵
- Program crash
PID:3036

memory/1032-1-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download
memory/1032-0-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download