3e17df6d4f4f9f321f783a50e1f8b364203f181274ff217b0c2a216dff63d41f

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 18:22

Target

Wgdebahewafthr.exe
Size

1.3MB
MD5

ac3cc1d716ec424586c4d87f5ae6f22a
SHA1

7f1bf229e51a5b0acd84ef0707c2efbb76af8aa3
SHA256

3e17df6d4f4f9f321f783a50e1f8b364203f181274ff217b0c2a216dff63d41f
SHA512

a2e4d04a7b6484e6965af2673a52fd7ffa4ce48324e54eb7c52bdc0c8fbc8c1a6eca7dc8e90f81abb8befa11c43182e2916ea9e34f3364937cfaf489a1934684
SSDEEP

24576:AP+g7Wy3xfMZKdcKtTjbJ4/EEEEEEEEEEEEEEEEEEEETKKKKKKKKKKKKKKKKKKK7:A/iy3g6Tjb4EEEEEEEEEEEEEEEEEEEE+

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2564 2876 WerFault.exe Wgdebahewafthr.exe

pid	pid_target	process	target process
2564	2876	WerFault.exe	Wgdebahewafthr.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Wgdebahewafthr.exe

description	pid	process	target process
PID 2876 wrote to memory of 2564	2876	Wgdebahewafthr.exe	WerFault.exe
PID 2876 wrote to memory of 2564	2876	Wgdebahewafthr.exe	WerFault.exe
PID 2876 wrote to memory of 2564	2876	Wgdebahewafthr.exe	WerFault.exe
PID 2876 wrote to memory of 2564	2876	Wgdebahewafthr.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Wgdebahewafthr.exe
"C:\Users\Admin\AppData\Local\Temp\Wgdebahewafthr.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 692
2⤵
- Program crash
PID:2564

memory/2876-0-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2876-1-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2876-2-0x0000000000400000-0x000000000055C000-memory.dmp

Filesize
1.4MB

Download