fc0a70936e6485ae0ce312ce6ff394d0d21759de4bc9ea9b5e01544d951535c2

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 10:00 UTC

Target

d0f3f32b61b9e8c20cd73d28b21a5e034041570a81ffd7bddcd760bc2f8a5538.exe
Size

501KB
MD5

481a6a93cdc1991a33aa1619235084ac
SHA1

505d3069c350fdc7750bd23d89985c831bd1c01c
SHA256

d0f3f32b61b9e8c20cd73d28b21a5e034041570a81ffd7bddcd760bc2f8a5538
SHA512

ca08faf83252809be0f8f33343d4ff4e9742d68dcd86e04e2b17eda41ccb245042856dbf73fb1b3742ee27491d9f236d1dbfa91782ead8b09c9dc26f883478fb
SSDEEP

12288:6ZJQdCWme3O0X4aclyuoxVj0RteVtD57qyL98V:CedCWdofyuoxVj0RtqD1Z+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2068	848	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 2068	848	d0f3f32b61b9e8c20cd73d28b21a5e034041570a81ffd7bddcd760bc2f8a5538.exe	28
PID 848 wrote to memory of 2068	848	d0f3f32b61b9e8c20cd73d28b21a5e034041570a81ffd7bddcd760bc2f8a5538.exe	28
PID 848 wrote to memory of 2068	848	d0f3f32b61b9e8c20cd73d28b21a5e034041570a81ffd7bddcd760bc2f8a5538.exe	28
PID 848 wrote to memory of 2068	848	d0f3f32b61b9e8c20cd73d28b21a5e034041570a81ffd7bddcd760bc2f8a5538.exe	28

C:\Users\Admin\AppData\Local\Temp\d0f3f32b61b9e8c20cd73d28b21a5e034041570a81ffd7bddcd760bc2f8a5538.exe
"C:\Users\Admin\AppData\Local\Temp\d0f3f32b61b9e8c20cd73d28b21a5e034041570a81ffd7bddcd760bc2f8a5538.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:848
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 88
  2⤵
  - Program crash
  PID:2068

memory/848-0-0x0000000000B59000-0x0000000000B5A000-memory.dmp

Filesize
4KB

Download