00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 22:30

Target

00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe
Size

1.8MB
MD5

7fc744e8d5f2c7c533dd995a5d0c1d30
SHA1

f8220ea06b9c3e5d31a203f63787bd502780f33c
SHA256

00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797
SHA512

c3a96071bdabaaca5689f11c14505d0d4bd8f877a7aaf6ce5b376db46cd589819bf810c68f704197a9a91b7ce46217e7a05c3f86b7d64cd61a7a367178e68aeb
SSDEEP

49152:cyrEETqGrGGWynfIfGzXH0Bf5GlQyMSCGT:cyrEEPKG9woXreyMZGT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2496	2516	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2496	2516	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	28
PID 2516 wrote to memory of 2496	2516	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	28
PID 2516 wrote to memory of 2496	2516	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	28
PID 2516 wrote to memory of 2496	2516	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	28

C:\Users\Admin\AppData\Local\Temp\00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe
"C:\Users\Admin\AppData\Local\Temp\00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 68
  2⤵
  - Program crash
  PID:2496

memory/2516-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download