132289704de81e5014306f192b09c97c0252ce3fcc72d981779085e7b9a61cd0

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 16:24

Target

132289704de81e5014306f192b09c97c0252ce3fcc72d981779085e7b9a61cd0.exe
Size

1.9MB
MD5

539811c87f4654f1665e9a49c5457066
SHA1

f7b825496b715d84c2e87d8b60ebcf7505b6cd4c
SHA256

132289704de81e5014306f192b09c97c0252ce3fcc72d981779085e7b9a61cd0
SHA512

a654a2554828998ffd91fd60288fcf740813e129b2b375a42eaad049cd5bc7868a755e120a5b195f578eac9adde463f5c5b926e8f89a69122f697bb73e199e4d
SSDEEP

49152:/fZTmjlVqD/zL8EDMGWUt9PZWQKzw65ZkzQuKAW1Db96jIt6:/xy3qD/zL8HUt9Ygq6MukPh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
832	2696	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 832	2696	132289704de81e5014306f192b09c97c0252ce3fcc72d981779085e7b9a61cd0.exe	28
PID 2696 wrote to memory of 832	2696	132289704de81e5014306f192b09c97c0252ce3fcc72d981779085e7b9a61cd0.exe	28
PID 2696 wrote to memory of 832	2696	132289704de81e5014306f192b09c97c0252ce3fcc72d981779085e7b9a61cd0.exe	28
PID 2696 wrote to memory of 832	2696	132289704de81e5014306f192b09c97c0252ce3fcc72d981779085e7b9a61cd0.exe	28

C:\Users\Admin\AppData\Local\Temp\132289704de81e5014306f192b09c97c0252ce3fcc72d981779085e7b9a61cd0.exe
"C:\Users\Admin\AppData\Local\Temp\132289704de81e5014306f192b09c97c0252ce3fcc72d981779085e7b9a61cd0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 48
  2⤵
  - Program crash
  PID:832

memory/2696-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2696-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download