cffeeebd8148443e204d9ed2c588f03b41bebb2a2d73f52232e8f3df1dd25be1

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 03:20

Target

cffeeebd8148443e204d9ed2c588f03b41bebb2a2d73f52232e8f3df1dd25be1.exe
Size

107KB
MD5

d639ab2ed87077bd67578993f4fa11b6
SHA1

b4eee2e2622fe2ed4aafec2a21514327723a0802
SHA256

cffeeebd8148443e204d9ed2c588f03b41bebb2a2d73f52232e8f3df1dd25be1
SHA512

31e909985ced25e8355092c8cdc6965bcd1170d6d2ff083567ce2a87c29b2cd78396b4a74ebb6a69a70fbed4fb4a6e14b593b4b143a1804035c9cd52ee75a3f4
SSDEEP

3072:REhLjK16CnK4cT6HKBmg0cr22fdmpmtDufp:WjKvcWvcr22fdKp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2316	1564	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 1564	2196	regsvr32.exe	28
PID 2196 wrote to memory of 1564	2196	regsvr32.exe	28
PID 2196 wrote to memory of 1564	2196	regsvr32.exe	28
PID 2196 wrote to memory of 1564	2196	regsvr32.exe	28
PID 2196 wrote to memory of 1564	2196	regsvr32.exe	28
PID 2196 wrote to memory of 1564	2196	regsvr32.exe	28
PID 2196 wrote to memory of 1564	2196	regsvr32.exe	28
PID 1564 wrote to memory of 2316	1564	regsvr32.exe	29
PID 1564 wrote to memory of 2316	1564	regsvr32.exe	29
PID 1564 wrote to memory of 2316	1564	regsvr32.exe	29
PID 1564 wrote to memory of 2316	1564	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cffeeebd8148443e204d9ed2c588f03b41bebb2a2d73f52232e8f3df1dd25be1.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cffeeebd8148443e204d9ed2c588f03b41bebb2a2d73f52232e8f3df1dd25be1.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1564
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 292
    3⤵
    - Program crash
    PID:2316