0554eb2ffa3582b000d558b6950ec60e876f1259c41acff2eac47ab78a53e94a

Resubmissions

14/05/2024, 05:41

14/05/2024, 04:58

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 04:58

Target

0554eb2ffa3582b000d558b6950ec60e876f1259c41acff2eac47ab78a53e94a.exe
Size

168KB
MD5

9f727c56a415bf8ffa884ef241bbcd10
SHA1

530f9163be551b7488650542de31cdfd11307d63
SHA256

0554eb2ffa3582b000d558b6950ec60e876f1259c41acff2eac47ab78a53e94a
SHA512

a8dee704e2cf435826fd5dc1590c0b00acc63c778513e4ccfd12b6334a58b9643a1123ff647c93a04fdcf8da169702401b82c9d4700d7f923f65d4959e8e1d03
SSDEEP

3072:UhcVaKFog98MItvzffbcdJa0U117xnghcgulgWczJEa+MI:U+VrojMOjfwa0U1ra71Et

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1812	996	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 1812	996	0554eb2ffa3582b000d558b6950ec60e876f1259c41acff2eac47ab78a53e94a.exe	28
PID 996 wrote to memory of 1812	996	0554eb2ffa3582b000d558b6950ec60e876f1259c41acff2eac47ab78a53e94a.exe	28
PID 996 wrote to memory of 1812	996	0554eb2ffa3582b000d558b6950ec60e876f1259c41acff2eac47ab78a53e94a.exe	28
PID 996 wrote to memory of 1812	996	0554eb2ffa3582b000d558b6950ec60e876f1259c41acff2eac47ab78a53e94a.exe	28

C:\Users\Admin\AppData\Local\Temp\0554eb2ffa3582b000d558b6950ec60e876f1259c41acff2eac47ab78a53e94a.exe
"C:\Users\Admin\AppData\Local\Temp\0554eb2ffa3582b000d558b6950ec60e876f1259c41acff2eac47ab78a53e94a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:996
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 1716
  2⤵
  - Program crash
  PID:1812