4c2020b91f35a8f5bba585aaf0bb4ad1464157dfab5a442d061a6b9d8c64511d

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:25

Target

4c2020b91f35a8f5bba585aaf0bb4ad1464157dfab5a442d061a6b9d8c64511d.exe
Size

340KB
MD5

5bdf536aea1674af1e9181b12f1902f2
SHA1

0cf79c0c46fdf8ae31fa557f2b1d0403ff4b61b7
SHA256

4c2020b91f35a8f5bba585aaf0bb4ad1464157dfab5a442d061a6b9d8c64511d
SHA512

428db047a6d2db1150b916cd5958f662686ec36d6115c3ccce8943c58db186b89e34a148855f8edd21018347d50d2745e5367fa404ca02ce4e26ef06548449c1
SSDEEP

3072:lizRtzTNHwo8soECAKzAdHs2qxnCtnTF7d0CdyAfalUVn1/6D8CB+RTh2k:Ytz5VoNAKs9ltbdyPUVn1/PRN2k

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2708 2972 WerFault.exe 4c2020b91f35a8f5bba585aaf0bb4ad1464157dfab5a442d061a6b9d8c64511d.exe

pid	pid_target	process	target process
2708	2972	WerFault.exe	4c2020b91f35a8f5bba585aaf0bb4ad1464157dfab5a442d061a6b9d8c64511d.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

4c2020b91f35a8f5bba585aaf0bb4ad1464157dfab5a442d061a6b9d8c64511d.exe

description	pid	process	target process
PID 2972 wrote to memory of 2708	2972	4c2020b91f35a8f5bba585aaf0bb4ad1464157dfab5a442d061a6b9d8c64511d.exe	WerFault.exe
PID 2972 wrote to memory of 2708	2972	4c2020b91f35a8f5bba585aaf0bb4ad1464157dfab5a442d061a6b9d8c64511d.exe	WerFault.exe
PID 2972 wrote to memory of 2708	2972	4c2020b91f35a8f5bba585aaf0bb4ad1464157dfab5a442d061a6b9d8c64511d.exe	WerFault.exe
PID 2972 wrote to memory of 2708	2972	4c2020b91f35a8f5bba585aaf0bb4ad1464157dfab5a442d061a6b9d8c64511d.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\4c2020b91f35a8f5bba585aaf0bb4ad1464157dfab5a442d061a6b9d8c64511d.exe
"C:\Users\Admin\AppData\Local\Temp\4c2020b91f35a8f5bba585aaf0bb4ad1464157dfab5a442d061a6b9d8c64511d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 36
  2⤵
  - Program crash
  PID:2708

memory/2972-0-0x00000000059D0000-0x0000000005A25000-memory.dmp

Filesize
340KB

Download