20c96d6b0079447b92aa0398f6717f27143f57344c9dbedc883ea8f3defbf39d

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 05:32

Target

Payment For order details .exe
Size

1.3MB
MD5

a727d144b8c72c3e8e2be8dcd2c03d06
SHA1

49c198221a162575df965cf3844dc3126ad6c943
SHA256

20c96d6b0079447b92aa0398f6717f27143f57344c9dbedc883ea8f3defbf39d
SHA512

af5d7769edcbf9e3b94c276dde24603a715ef13473182334945e553742722cbc1ee322f62f603353b74208557e0581809b04cb02347fa0d859896a9b563458ea
SSDEEP

24576:AP+g7Wy3xfMZKdcKtTjbJ45EEEEEEEEEEEEEEEEEEEETKKKKKKKKKKKKKKKKKKK7:A/iy3g6Tjb2EEEEEEEEEEEEEEEEEEEE+

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2168 1044 WerFault.exe Payment For order details .exe

pid	pid_target	process	target process
2168	1044	WerFault.exe	Payment For order details .exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Payment For order details .exe

description	pid	process	target process
PID 1044 wrote to memory of 2168	1044	Payment For order details .exe	WerFault.exe
PID 1044 wrote to memory of 2168	1044	Payment For order details .exe	WerFault.exe
PID 1044 wrote to memory of 2168	1044	Payment For order details .exe	WerFault.exe
PID 1044 wrote to memory of 2168	1044	Payment For order details .exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Payment For order details .exe
"C:\Users\Admin\AppData\Local\Temp\Payment For order details .exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 768
  2⤵
  - Program crash
  PID:2168

memory/1044-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1044-1-0x0000000000400000-0x000000000055C000-memory.dmp

Filesize
1.4MB

Download