06693efbcf7024eb07f918f0972eecf05d3eefdffc70d6cc24f627a0a1992b29

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 05:35

Target

Loader.exe
Size

1.4MB
MD5

333820706e661defdc1185858d44b5c0
SHA1

5da5320fa35e8104d56a792ef72bd390f9bb6acd
SHA256

06693efbcf7024eb07f918f0972eecf05d3eefdffc70d6cc24f627a0a1992b29
SHA512

7c16d2116ebe9f7eaf847f7f57c28e81fc60ccf4686ddd74bcf93057a6d4b4df80e54d848f1322c084385e6f57da97c5754531c08e2493be1c999353841922c8
SSDEEP

24576:mJkC8BOJyvqvKMqnPKixoftztHm1UuPL9R9KWyYyAIZx/o1QN7nOA6oW5gwVdN9P:aKMrNt5HQUuPLL9ryLoe5nOtoWfVZ

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2972 2176 WerFault.exe Loader.exe

pid	pid_target	process	target process
2972	2176	WerFault.exe	Loader.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Loader.exe

description	pid	process	target process
PID 2176 wrote to memory of 2972	2176	Loader.exe	WerFault.exe
PID 2176 wrote to memory of 2972	2176	Loader.exe	WerFault.exe
PID 2176 wrote to memory of 2972	2176	Loader.exe	WerFault.exe
PID 2176 wrote to memory of 2972	2176	Loader.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 496
2⤵
- Program crash
PID:2972

memory/2176-0-0x00000000746DE000-0x00000000746DF000-memory.dmp

Filesize
4KB

Download
memory/2176-1-0x0000000000990000-0x0000000000AF6000-memory.dmp

Filesize
1.4MB

Download
memory/2176-2-0x00000000746D0000-0x0000000074DBE000-memory.dmp

Filesize
6.9MB

Download
memory/2176-3-0x00000000746DE000-0x00000000746DF000-memory.dmp

Filesize
4KB

Download
memory/2176-4-0x00000000746D0000-0x0000000074DBE000-memory.dmp

Filesize
6.9MB

Download