fc0a70936e6485ae0ce312ce6ff394d0d21759de4bc9ea9b5e01544d951535c2

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
13-05-2024 10:00

Target

db044599ba62c9a98e024ecd1f465c8f39790d7683b22c64327635e0d2c0b4af.exe
Size

332KB
MD5

35924c0bb15b01b386378fac7c0aaa08
SHA1

dded29dbba3f32350573ad107ffb5b0d7e670b7a
SHA256

db044599ba62c9a98e024ecd1f465c8f39790d7683b22c64327635e0d2c0b4af
SHA512

d19f2648bbcbea5b132f57b4f832fc96fcacec58cbc1b2cec86354a9ddcb9b6d353082cc725d0a66222c582bda02e77d1ea19f2108ed216d547cc26718a64f91
SSDEEP

6144:WC6qcZ/Rjo7JY0n9J493SvUMwEgygh/Z9lkarsK+7iLwAw+dj3hGK0Xp:Wowo7JY0n90XygBXHsBiDj3hz0Xp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1420	2416	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 1420	2416	db044599ba62c9a98e024ecd1f465c8f39790d7683b22c64327635e0d2c0b4af.exe	29
PID 2416 wrote to memory of 1420	2416	db044599ba62c9a98e024ecd1f465c8f39790d7683b22c64327635e0d2c0b4af.exe	29
PID 2416 wrote to memory of 1420	2416	db044599ba62c9a98e024ecd1f465c8f39790d7683b22c64327635e0d2c0b4af.exe	29
PID 2416 wrote to memory of 1420	2416	db044599ba62c9a98e024ecd1f465c8f39790d7683b22c64327635e0d2c0b4af.exe	29

C:\Users\Admin\AppData\Local\Temp\db044599ba62c9a98e024ecd1f465c8f39790d7683b22c64327635e0d2c0b4af.exe
"C:\Users\Admin\AppData\Local\Temp\db044599ba62c9a98e024ecd1f465c8f39790d7683b22c64327635e0d2c0b4af.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 52
  2⤵
  - Program crash
  PID:1420

memory/2416-1-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download
memory/2416-0-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download