a44d7397ca2486a37cfbc6cd473037b204a5fe4678303dd2f187c814c85f25db

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 17:36

Target

65296f468099ebcd60c98ae5a6f7f005a227427a05eda0790e32e2f0c0061d95.exe
Size

332KB
MD5

7309fca9a6af6decce73c4243a826af5
SHA1

4567ebd86d7c877db55588520569c8b23ddc9ac0
SHA256

65296f468099ebcd60c98ae5a6f7f005a227427a05eda0790e32e2f0c0061d95
SHA512

312d47fc63601fde26ccc563c3a3999528f9ef19d75a63b91be38d45e4ad77302fd31593bdccd25aa8bdc6e915e6de820c1b1914c0d0be249ffcfa160e73272f
SSDEEP

6144:K+v1KlJPEF7c4i/93KJ7JN7Zi8A0GbkthVuP90EjKjrOjL7:oPEF7g4JO8AVk7VuFZWrOj

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2272 1640 WerFault.exe 65296f468099ebcd60c98ae5a6f7f005a227427a05eda0790e32e2f0c0061d95.exe

pid	pid_target	process	target process
2272	1640	WerFault.exe	65296f468099ebcd60c98ae5a6f7f005a227427a05eda0790e32e2f0c0061d95.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

65296f468099ebcd60c98ae5a6f7f005a227427a05eda0790e32e2f0c0061d95.exe

description	pid	process	target process
PID 1640 wrote to memory of 2272	1640	65296f468099ebcd60c98ae5a6f7f005a227427a05eda0790e32e2f0c0061d95.exe	WerFault.exe
PID 1640 wrote to memory of 2272	1640	65296f468099ebcd60c98ae5a6f7f005a227427a05eda0790e32e2f0c0061d95.exe	WerFault.exe
PID 1640 wrote to memory of 2272	1640	65296f468099ebcd60c98ae5a6f7f005a227427a05eda0790e32e2f0c0061d95.exe	WerFault.exe
PID 1640 wrote to memory of 2272	1640	65296f468099ebcd60c98ae5a6f7f005a227427a05eda0790e32e2f0c0061d95.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\65296f468099ebcd60c98ae5a6f7f005a227427a05eda0790e32e2f0c0061d95.exe
"C:\Users\Admin\AppData\Local\Temp\65296f468099ebcd60c98ae5a6f7f005a227427a05eda0790e32e2f0c0061d95.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 72
  2⤵
  - Program crash
  PID:2272

memory/1640-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1640-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download