2685b451d5bc5d1cd7c159a87efdfacd5a60c314491404e6e60e752ba3db90cf

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 15:27

Target

6286d393c93044fd5b8363ccad5324fadfde3e3d9b340ec908941eab3fe90652.exe
Size

315KB
MD5

bf89c72f6388b3884699e8081c8314c4
SHA1

587f7e952669cc84756181deff315132cba078d4
SHA256

6286d393c93044fd5b8363ccad5324fadfde3e3d9b340ec908941eab3fe90652
SHA512

fa90330bb2e3a16579de6ae76bda2371b7e18e246ebcaa7432d010f2743e944bbf5e494941bb2d3192cc4816fa97e64cefe31f61817cd6cf18b38e9cc81b02ce
SSDEEP

6144:pR99pI60nbM8uPZy3+8KIDP3uSEykJUxDyvPH3ef5AvnKXHS:pr9+60nbnuY3PEykJ2M3ehAsHS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2876	2396	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2876	2396	6286d393c93044fd5b8363ccad5324fadfde3e3d9b340ec908941eab3fe90652.exe	29
PID 2396 wrote to memory of 2876	2396	6286d393c93044fd5b8363ccad5324fadfde3e3d9b340ec908941eab3fe90652.exe	29
PID 2396 wrote to memory of 2876	2396	6286d393c93044fd5b8363ccad5324fadfde3e3d9b340ec908941eab3fe90652.exe	29
PID 2396 wrote to memory of 2876	2396	6286d393c93044fd5b8363ccad5324fadfde3e3d9b340ec908941eab3fe90652.exe	29

C:\Users\Admin\AppData\Local\Temp\6286d393c93044fd5b8363ccad5324fadfde3e3d9b340ec908941eab3fe90652.exe
"C:\Users\Admin\AppData\Local\Temp\6286d393c93044fd5b8363ccad5324fadfde3e3d9b340ec908941eab3fe90652.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 36
  2⤵
  - Program crash
  PID:2876

memory/2396-0-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download