d929db0b4de9bed4c0750ad10440c81484f64e1f308689c0c56cdbe1bfe63b39

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 06:19 UTC

Target

0033b9ed1c09bad0795150029eeb32a7620ee7b6768eb42c36c9ecdece2dd440.exe
Size

1.2MB
MD5

79ddbf3796474af496fb1439c5eebc2d
SHA1

a19adecb0ac26f08d575309fdd4a9829af0b4a2a
SHA256

0033b9ed1c09bad0795150029eeb32a7620ee7b6768eb42c36c9ecdece2dd440
SHA512

49b2ee4594692e531e3f562584462b73c74c876267fa20c4207fac6fe2de9960cf1d102bc16a41b2f4320bd6a02cbb84d3516cf00f7feca6c57cb06811b4aa99
SSDEEP

24576:SBXCi7JIK8li6v93OhlvTMsY5BeDMZGxZYLrbdjxpl10s:SBSJli6v93OLicsjpus

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2560	2372	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2560	2372	0033b9ed1c09bad0795150029eeb32a7620ee7b6768eb42c36c9ecdece2dd440.exe	29
PID 2372 wrote to memory of 2560	2372	0033b9ed1c09bad0795150029eeb32a7620ee7b6768eb42c36c9ecdece2dd440.exe	29
PID 2372 wrote to memory of 2560	2372	0033b9ed1c09bad0795150029eeb32a7620ee7b6768eb42c36c9ecdece2dd440.exe	29
PID 2372 wrote to memory of 2560	2372	0033b9ed1c09bad0795150029eeb32a7620ee7b6768eb42c36c9ecdece2dd440.exe	29

C:\Users\Admin\AppData\Local\Temp\0033b9ed1c09bad0795150029eeb32a7620ee7b6768eb42c36c9ecdece2dd440.exe
"C:\Users\Admin\AppData\Local\Temp\0033b9ed1c09bad0795150029eeb32a7620ee7b6768eb42c36c9ecdece2dd440.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 52
  2⤵
  - Program crash
  PID:2560

memory/2372-0-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download
memory/2372-1-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download