87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 02:32

Target

87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe
Size

912KB
MD5

489e1fae49f440d756e8a9909ebb216e
SHA1

1ba4b116c5a6522f119072a73f22296bf480a9a6
SHA256

87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324
SHA512

8b84cb877d00063b654412ab2c9ed05f510976b35e01cc11d7281baaf017f14129cf6f25fc81fa40d65494ea951411e74c27c4dae42df53763942b58abb13750
SSDEEP

12288:5vo5RPxfakFRlrm1rPmytG3fJgYjVDa/ZS9anFY:sNacjjCOa/ZSUnK

Score

7^/10

Deletes itself 1 IoCs

Processes:

87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe

pid process

2596 87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe
Executes dropped EXE 1 IoCs

Processes:

87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe

pid process

2596 87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe
Loads dropped DLL 4 IoCs

Processes:

87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exeWerFault.exe

pid process

2380 87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe
2944 WerFault.exe
2944 WerFault.exe
2944 WerFault.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2944 2596 WerFault.exe 87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe

pid process

2380 87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe

pid process

2596 87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe

pid	process
2596	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe

pid	process
2596	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe

pid	process
2380	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe
2944	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe

pid	pid_target	process	target process
2944	2596	WerFault.exe	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe

pid	process
2380	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe

pid	process
2596	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe

description	pid	process	target process
PID 2380 wrote to memory of 2596	2380	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe
PID 2380 wrote to memory of 2596	2380	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe
PID 2380 wrote to memory of 2596	2380	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe
PID 2380 wrote to memory of 2596	2380	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe
PID 2596 wrote to memory of 2944	2596	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe	WerFault.exe
PID 2596 wrote to memory of 2944	2596	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe	WerFault.exe
PID 2596 wrote to memory of 2944	2596	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe	WerFault.exe
PID 2596 wrote to memory of 2944	2596	87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe	WerFault.exe

\Users\Admin\AppData\Local\Temp\87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe
Filesize
912KB

MD5
47bd4eeb3ad749f0087bd78251332781

SHA1
8323c1779347b75aacd8f83689bbe5e525c35cdd

SHA256
1b5e582255a80217c1c06667cf69693a1a9de0a4d4c6344dc364ab285d55fb1d

SHA512
b8966de87a45894a84e6f450bedb7544f23aa375b6eaea909254d4b0042636f48f9ff855e3f8731993b22e3a480468b09dc3bc57f30654c9742fb17beed1f76f

Download Submit
memory/2380-0-0x0000000000400000-0x00000000004EE000-memory.dmp

Filesize
952KB

Download
memory/2380-7-0x0000000000400000-0x00000000004EE000-memory.dmp

Filesize
952KB

Download
memory/2596-9-0x0000000000400000-0x00000000004EE000-memory.dmp

Filesize
952KB

Download
memory/2596-10-0x0000000002E80000-0x0000000002F6E000-memory.dmp

Filesize
952KB

Download