fea4a5268fd3fad5b4772bcf4ef021d104110cff4b7bd43f6ad10ebcab7b0916

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 14:35

Target

19408d20edf49736ff3e86b9c52dcd2bf4b3da61eff72888392b2de04e27351b.exe
Size

306KB
MD5

b309c1dadd09e6991ed90c6ccac7badb
SHA1

845485b9ae931e443c488e65d44cb2bc4ce48e99
SHA256

19408d20edf49736ff3e86b9c52dcd2bf4b3da61eff72888392b2de04e27351b
SHA512

3ed5e276f089e112169d41de199b35ff81055913b5d17c2edc6e1d4087e4aaf594662d6b62ef96d9da67865b641d2ea09166d90139a9b5e0f98bac9ff0c0bbd6
SSDEEP

6144:t7Zt9vSWh60RVAtljy114ZGaWCk1LixTtG3Xzd8nn+OJyL98p:5ZSWhH+Z81+Gzunn+qyL98p

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2856	1740	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2856	1740	19408d20edf49736ff3e86b9c52dcd2bf4b3da61eff72888392b2de04e27351b.exe	28
PID 1740 wrote to memory of 2856	1740	19408d20edf49736ff3e86b9c52dcd2bf4b3da61eff72888392b2de04e27351b.exe	28
PID 1740 wrote to memory of 2856	1740	19408d20edf49736ff3e86b9c52dcd2bf4b3da61eff72888392b2de04e27351b.exe	28
PID 1740 wrote to memory of 2856	1740	19408d20edf49736ff3e86b9c52dcd2bf4b3da61eff72888392b2de04e27351b.exe	28

C:\Users\Admin\AppData\Local\Temp\19408d20edf49736ff3e86b9c52dcd2bf4b3da61eff72888392b2de04e27351b.exe
"C:\Users\Admin\AppData\Local\Temp\19408d20edf49736ff3e86b9c52dcd2bf4b3da61eff72888392b2de04e27351b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 88
  2⤵
  - Program crash
  PID:2856

memory/1740-0-0x0000000000928000-0x0000000000929000-memory.dmp

Filesize
4KB

Download