6931b124d38d52bd7cdef48121fda457d407b63b59bb4e6ead4ce548f4bbb971

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 05:55

Target

out.exe
Size

40KB
MD5

1dc19cb4abfbdfce5b34756603fb5d43
SHA1

8b2d7f82fc13888bf0fa97c1fe73ae8eb615b703
SHA256

c1bac7436253ca3e66f36dfdbc1f237cf4c6bc0cf7f2dec5dd9ed9611d16191f
SHA512

394dc2752498ebea6ae44172e337f764034fd78187b79d5a8c1c525811802c04b20edb9a885aecc4f6e417e250ca42b08993774fee40986e1eb3209a05ce8e5d
SSDEEP

384:moyzEpcGhIxJl9JEdauBNa/nu333s8JrxRMt0GNtslmlLpB1pyLloyGw6Bm7lpIn:mo4EpThIpEdauX3hS/sjfkGudUj9Vg

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1988 2100 WerFault.exe out.exe

pid	pid_target	process	target process
1988	2100	WerFault.exe	out.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

out.exe

description	pid	process	target process
PID 2100 wrote to memory of 1988	2100	out.exe	WerFault.exe
PID 2100 wrote to memory of 1988	2100	out.exe	WerFault.exe
PID 2100 wrote to memory of 1988	2100	out.exe	WerFault.exe
PID 2100 wrote to memory of 1988	2100	out.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\out.exe
"C:\Users\Admin\AppData\Local\Temp\out.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 36
  2⤵
  - Program crash
  PID:1988