0bcd064c34649aaab529360aded88179d15bfe092202fdc844134321fe1fc96f

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 21:17

Target

20240524490cae182af4c1e5103dc4a0913a452dmafia.exe
Size

341KB
MD5

490cae182af4c1e5103dc4a0913a452d
SHA1

84e947bb52e3c7b6a99387e1f78eae562eb7f640
SHA256

0bcd064c34649aaab529360aded88179d15bfe092202fdc844134321fe1fc96f
SHA512

068cfa15d29a3d6c3d0f49364b555096dc93f809750c2839463208679a7e85d18b544292460eb2c8f1cbe86531fb596aeab337d51fa06352d69f7a699c406496
SSDEEP

6144:aippiu4FVaZSJLVo/pHtI4VOs7iQJjbOmlM17GOztKvhqAE:aippiu49ED4ifJnOmlG77K2

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1796 1132 WerFault.exe 20240524490cae182af4c1e5103dc4a0913a452dmafia.exe

pid	pid_target	process	target process
1796	1132	WerFault.exe	20240524490cae182af4c1e5103dc4a0913a452dmafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

20240524490cae182af4c1e5103dc4a0913a452dmafia.exe

description	pid	process	target process
PID 1132 wrote to memory of 1796	1132	20240524490cae182af4c1e5103dc4a0913a452dmafia.exe	WerFault.exe
PID 1132 wrote to memory of 1796	1132	20240524490cae182af4c1e5103dc4a0913a452dmafia.exe	WerFault.exe
PID 1132 wrote to memory of 1796	1132	20240524490cae182af4c1e5103dc4a0913a452dmafia.exe	WerFault.exe
PID 1132 wrote to memory of 1796	1132	20240524490cae182af4c1e5103dc4a0913a452dmafia.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\20240524490cae182af4c1e5103dc4a0913a452dmafia.exe
"C:\Users\Admin\AppData\Local\Temp\20240524490cae182af4c1e5103dc4a0913a452dmafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 120
2⤵
- Program crash
PID:1796