95ab3090e9ccf9df22689e7edbf25ff261421b79c5dd96e473774bfcfb44df16

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 23:49

Target

loader.exe
Size

11KB
MD5

6654b1945e364bbbfc8db4523116f1b4
SHA1

a86f8c2b4f92a5b0334782ef1316b2ed8d053134
SHA256

95ab3090e9ccf9df22689e7edbf25ff261421b79c5dd96e473774bfcfb44df16
SHA512

1c7ff65874cf1b662384a248f66a7547eb9321157f09a58c6500ece02b96095eacbbce960ecfda0d1a1a8a04e097066dd0571740c474f076b98f03964ec636b4
SSDEEP

192:5U8JN0Uq+/7m21DQ8rpJlqH+XAUNEpRoffY3HWJic75TPkaw5:5U4/qMB1EaqH8ABVOKaw

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2516 2468 WerFault.exe loader.exe

pid	pid_target	process	target process
2516	2468	WerFault.exe	loader.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

loader.exe

description	pid	process	target process
PID 2468 wrote to memory of 2516	2468	loader.exe	WerFault.exe
PID 2468 wrote to memory of 2516	2468	loader.exe	WerFault.exe
PID 2468 wrote to memory of 2516	2468	loader.exe	WerFault.exe
PID 2468 wrote to memory of 2516	2468	loader.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 592
2⤵
- Program crash
PID:2516

memory/2468-0-0x00000000741FE000-0x00000000741FF000-memory.dmp

Filesize
4KB

Download
memory/2468-1-0x0000000000D60000-0x0000000000D6A000-memory.dmp

Filesize
40KB

Download
memory/2468-2-0x00000000004B0000-0x00000000004CA000-memory.dmp

Filesize
104KB

Download
memory/2468-3-0x00000000004D0000-0x00000000004DA000-memory.dmp

Filesize
40KB

Download
memory/2468-4-0x00000000741F0000-0x00000000748DE000-memory.dmp

Filesize
6.9MB

Download
memory/2468-5-0x00000000741F0000-0x00000000748DE000-memory.dmp

Filesize
6.9MB

Download