721bab9898bb356b0adc1a0e8274c3d4fd7c577aa1789bff33f47461088f14c4

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:06

Target

721bab9898bb356b0adc1a0e8274c3d4fd7c577aa1789bff33f47461088f14c4.exe
Size

133KB
MD5

5856d67fc3f302cf32132ed41e2e87c6
SHA1

13d92619faf791e9ac1f83f26a386c7ad76907d9
SHA256

721bab9898bb356b0adc1a0e8274c3d4fd7c577aa1789bff33f47461088f14c4
SHA512

0d42d47ffd8e566e0eb2285bb29867f7b79de34a2736de92b7452ae13515d6cc98b4f08411a4a31d8ea3299801db1ca777b0eef45f0a14981f4c97e07204a4ce
SSDEEP

1536:DeT7BVwxfvcguKfmy0KQbj6vbjuKoauGi4D:DmVwRUE+y0KUj6TjR9i4D

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2864 2168 WerFault.exe 721bab9898bb356b0adc1a0e8274c3d4fd7c577aa1789bff33f47461088f14c4.exe

pid	pid_target	process	target process
2864	2168	WerFault.exe	721bab9898bb356b0adc1a0e8274c3d4fd7c577aa1789bff33f47461088f14c4.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

721bab9898bb356b0adc1a0e8274c3d4fd7c577aa1789bff33f47461088f14c4.exe

description	pid	process	target process
PID 2168 wrote to memory of 2864	2168	721bab9898bb356b0adc1a0e8274c3d4fd7c577aa1789bff33f47461088f14c4.exe	WerFault.exe
PID 2168 wrote to memory of 2864	2168	721bab9898bb356b0adc1a0e8274c3d4fd7c577aa1789bff33f47461088f14c4.exe	WerFault.exe
PID 2168 wrote to memory of 2864	2168	721bab9898bb356b0adc1a0e8274c3d4fd7c577aa1789bff33f47461088f14c4.exe	WerFault.exe
PID 2168 wrote to memory of 2864	2168	721bab9898bb356b0adc1a0e8274c3d4fd7c577aa1789bff33f47461088f14c4.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\721bab9898bb356b0adc1a0e8274c3d4fd7c577aa1789bff33f47461088f14c4.exe
"C:\Users\Admin\AppData\Local\Temp\721bab9898bb356b0adc1a0e8274c3d4fd7c577aa1789bff33f47461088f14c4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 36
2⤵
- Program crash
PID:2864