f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 10:37

Target

f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe
Size

4.3MB
MD5

cbc6259e0983460e2916ff786217139d
SHA1

7484040e31c28ab183e815e23812717f3517217b
SHA256

f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5
SHA512

64ffeb52cc1867632bb4b452fb09dcd9afd378ef908888928654624ef191d5c7442810a51ceda16d1a2e471438f607a57e36c92632f13821e92082f9b2e6331a
SSDEEP

49152:31S1zFNBxoFmiPilPyGo97uTfzX80thsHvrZlX0UuvZPGkK8N1PapB1wFiSQRU+D:3CZkPilPgcX807sPrZheuSZG/rRM98

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2644	2084	WerFault.exe	27

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2316	2084	f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe	29
PID 2084 wrote to memory of 2316	2084	f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe	29
PID 2084 wrote to memory of 2316	2084	f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe	29
PID 2084 wrote to memory of 2316	2084	f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe	29
PID 2316 wrote to memory of 2700	2316	cmd.exe	30
PID 2316 wrote to memory of 2700	2316	cmd.exe	30
PID 2316 wrote to memory of 2700	2316	cmd.exe	30
PID 2316 wrote to memory of 2700	2316	cmd.exe	30
PID 2316 wrote to memory of 1636	2316	cmd.exe	31
PID 2316 wrote to memory of 1636	2316	cmd.exe	31
PID 2316 wrote to memory of 1636	2316	cmd.exe	31
PID 2316 wrote to memory of 1636	2316	cmd.exe	31
PID 2316 wrote to memory of 1964	2316	cmd.exe	32
PID 2316 wrote to memory of 1964	2316	cmd.exe	32
PID 2316 wrote to memory of 1964	2316	cmd.exe	32
PID 2316 wrote to memory of 1964	2316	cmd.exe	32
PID 2084 wrote to memory of 2644	2084	f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe	33
PID 2084 wrote to memory of 2644	2084	f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe	33
PID 2084 wrote to memory of 2644	2084	f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe	33
PID 2084 wrote to memory of 2644	2084	f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe	33

C:\Users\Admin\AppData\Local\Temp\f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe
"C:\Users\Admin\AppData\Local\Temp\f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2316
- - C:\Windows\SysWOW64\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe" MD5
    3⤵
    PID:2700
- - C:\Windows\SysWOW64\find.exe
    find /i /v "md5"
    3⤵
    PID:1636
- - C:\Windows\SysWOW64\find.exe
    find /i /v "certutil"
    3⤵
    PID:1964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 388
  2⤵
  - Program crash
  PID:2644