3e066e86d67434d8a38bc01da39c33538b6bc7db3917f632f755d28b60a89adc

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 18:56

Target

2024052252995e1c59dd13c79402061a6233e9f1stop.exe
Size

1.1MB
MD5

52995e1c59dd13c79402061a6233e9f1
SHA1

7255acd1d05139237d3209cab8f9c52bf2e44ab7
SHA256

3e066e86d67434d8a38bc01da39c33538b6bc7db3917f632f755d28b60a89adc
SHA512

fdf2d23e3831ae7fa9400eac1ea082866dc82740acccde24b0d5a24cecd8a194af1596e7c6206dac493d255b263a2ced44ee71785ad29248817e002a2f8e81e3
SSDEEP

24576:ZBUIKn/vwOXGUXAjCymYZiVtElVIBT2roqnTSSxWeT/XRPOO86DHUq7:F0dwAYZt6C31WeTPRPOh67Uq7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1600	2068	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 1600	2068	2024052252995e1c59dd13c79402061a6233e9f1stop.exe	28
PID 2068 wrote to memory of 1600	2068	2024052252995e1c59dd13c79402061a6233e9f1stop.exe	28
PID 2068 wrote to memory of 1600	2068	2024052252995e1c59dd13c79402061a6233e9f1stop.exe	28
PID 2068 wrote to memory of 1600	2068	2024052252995e1c59dd13c79402061a6233e9f1stop.exe	28

C:\Users\Admin\AppData\Local\Temp\2024052252995e1c59dd13c79402061a6233e9f1stop.exe
"C:\Users\Admin\AppData\Local\Temp\2024052252995e1c59dd13c79402061a6233e9f1stop.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 192
  2⤵
  - Program crash
  PID:1600