bec7de366995e60d3fd9c0c3b3feb7df8018ae86df8ba96806068668e03a86f4

Analysis

max time kernel
519s
max time network
403s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:38

Target

Dextron Group PO.exe
Size

1.4MB
MD5

02534060c07286b6c06db8b181509fb9
SHA1

eed82ba0c6cc7cc4d7c8a61844e0e84d440ebe03
SHA256

012e5ef35e2f13676d6141ea12f8ad4659d8fbdea99c244c995d46e78e5b2d17
SHA512

1ebea9a686adb6835c8778fd8a477c2ede69830ff24c5f8cb5d803ea7ed65174624afafb0a7e0b66c9d6ec0a0c4605d2ff17de565822ab4bc8e513d0cc878844
SSDEEP

24576:yn25nPkW3amy8sQxeWcktTjbJ42auDyEEEEEEEEEEEEEEEEEEEETKKKKKKKKKKKr:yn2kGy7wTjbX/DyEEEEEEEEEEEEEEEEm

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2856 2892 WerFault.exe Dextron Group PO.exe

pid	pid_target	process	target process
2856	2892	WerFault.exe	Dextron Group PO.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Dextron Group PO.exe

description	pid	process	target process
PID 2892 wrote to memory of 2856	2892	Dextron Group PO.exe	WerFault.exe
PID 2892 wrote to memory of 2856	2892	Dextron Group PO.exe	WerFault.exe
PID 2892 wrote to memory of 2856	2892	Dextron Group PO.exe	WerFault.exe
PID 2892 wrote to memory of 2856	2892	Dextron Group PO.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Dextron Group PO.exe
"C:\Users\Admin\AppData\Local\Temp\Dextron Group PO.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 712
2⤵
- Program crash
PID:2856

memory/2892-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2892-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2892-2-0x0000000000400000-0x0000000000578000-memory.dmp

Filesize
1.5MB

Download