a2f94952c89ea440f82877365db5b4a5cf14a10e4168a22a92fce4a8fd98404f

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 00:57

Target

a2f94952c89ea440f82877365db5b4a5cf14a10e4168a22a92fce4a8fd98404f.exe
Size

363KB
MD5

75db6dfdebb9bf0d98acfc15f2219c62
SHA1

5bc1ceec4269b4e893f2b00c1c4b3c0cb42a3291
SHA256

a2f94952c89ea440f82877365db5b4a5cf14a10e4168a22a92fce4a8fd98404f
SHA512

b295c110369cb2c56d87aab45ff93961b076474d16ca9a7138ab3e6e7acbc8a13a2949dcbc88e6f2e96e4fae793e1793b3052c7ec390ee3d6cd517029583dd2f
SSDEEP

6144:1JhLSp8zWMtAJA0Z9aRlEiw+pVc4Amr7me33k/JNSdiaJIlsZa6n:pLSpmqKRw+84B7mA3aJE4aOAFn

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2516	2160	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2516	2160	a2f94952c89ea440f82877365db5b4a5cf14a10e4168a22a92fce4a8fd98404f.exe	29
PID 2160 wrote to memory of 2516	2160	a2f94952c89ea440f82877365db5b4a5cf14a10e4168a22a92fce4a8fd98404f.exe	29
PID 2160 wrote to memory of 2516	2160	a2f94952c89ea440f82877365db5b4a5cf14a10e4168a22a92fce4a8fd98404f.exe	29
PID 2160 wrote to memory of 2516	2160	a2f94952c89ea440f82877365db5b4a5cf14a10e4168a22a92fce4a8fd98404f.exe	29

C:\Users\Admin\AppData\Local\Temp\a2f94952c89ea440f82877365db5b4a5cf14a10e4168a22a92fce4a8fd98404f.exe
"C:\Users\Admin\AppData\Local\Temp\a2f94952c89ea440f82877365db5b4a5cf14a10e4168a22a92fce4a8fd98404f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 52
  2⤵
  - Program crash
  PID:2516

memory/2160-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2160-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download