ad93cb8f2caa9818241e8b1aec88b592fb02f1767b110d08b3864c59a468b43f

Analysis

max time kernel
140s
max time network
128s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
19-05-2024 01:14

Target

95311fc0f7c080fc57155842d9f00c404813f27744c9142dfb785d0bcd410190.exe
Size

1.1MB
MD5

4ef725e78d41b96d40ad546b5d92efe9
SHA1

b8ee90718310eeab41306d79df5f1cc8b02f7f5b
SHA256

95311fc0f7c080fc57155842d9f00c404813f27744c9142dfb785d0bcd410190
SHA512

20bccba9827758fdd077c0e2d6051a6537ac57ddb80265b16fe410c12639470d1c96ca6cec2cc2941793e628b7e5ae47320ace91e92ddb7a6550026840a1e20e
SSDEEP

24576:b6G5oq6WlY5EQJbBCt598PkfzGwWPEXyqQ:bPQrJChIP1q

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2508 1924 WerFault.exe 95311fc0f7c080fc57155842d9f00c404813f27744c9142dfb785d0bcd410190.exe
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.

Processes:

description flow ioc

HTTP User-Agent header 4 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

pid	pid_target	process	target process
2508	1924	WerFault.exe	95311fc0f7c080fc57155842d9f00c404813f27744c9142dfb785d0bcd410190.exe

description	flow	ioc
HTTP User-Agent header	4	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

95311fc0f7c080fc57155842d9f00c404813f27744c9142dfb785d0bcd410190.exe

description	pid	process	target process
PID 1924 wrote to memory of 2508	1924	95311fc0f7c080fc57155842d9f00c404813f27744c9142dfb785d0bcd410190.exe	WerFault.exe
PID 1924 wrote to memory of 2508	1924	95311fc0f7c080fc57155842d9f00c404813f27744c9142dfb785d0bcd410190.exe	WerFault.exe
PID 1924 wrote to memory of 2508	1924	95311fc0f7c080fc57155842d9f00c404813f27744c9142dfb785d0bcd410190.exe	WerFault.exe
PID 1924 wrote to memory of 2508	1924	95311fc0f7c080fc57155842d9f00c404813f27744c9142dfb785d0bcd410190.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\95311fc0f7c080fc57155842d9f00c404813f27744c9142dfb785d0bcd410190.exe
"C:\Users\Admin\AppData\Local\Temp\95311fc0f7c080fc57155842d9f00c404813f27744c9142dfb785d0bcd410190.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 728
  2⤵
  - Program crash
  PID:2508

memory/1924-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1924-1-0x0000000000400000-0x000000000051D000-memory.dmp

Filesize
1.1MB

Download