a263a46b2e8e46c8d1a9d1202e8b6c10f818a743bd8337e0ef2e6b130a0cf100

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 01:47

Target

RarExtInstaller.exe
Size

748KB
MD5

683bb5cff5289f284448f387d5f1d531
SHA1

002e36e7321ceb50d44158bcfcae59575ee63da1
SHA256

a263a46b2e8e46c8d1a9d1202e8b6c10f818a743bd8337e0ef2e6b130a0cf100
SHA512

9c8b2667a67f6491221cb466932f27f0cc1ff7f49936b274dbfd99697452a7493a49f82ace54473c1d59ff99d5629f230fee9d5a88b16349a7e88d140a05f69d
SSDEEP

12288:V6AlwuMQ7p28E3F+ldQCg30ggGposKwWMSyAv33DALt4SQq7teFSd3ud1tgzoaBw:vlwOldQCg30lUosKwWMSP3DAL/p7tePN

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2232 2460 WerFault.exe RarExtInstaller.exe

pid	pid_target	process	target process
2232	2460	WerFault.exe	RarExtInstaller.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

RarExtInstaller.exe

description	pid	process	target process
PID 2460 wrote to memory of 2232	2460	RarExtInstaller.exe	WerFault.exe
PID 2460 wrote to memory of 2232	2460	RarExtInstaller.exe	WerFault.exe
PID 2460 wrote to memory of 2232	2460	RarExtInstaller.exe	WerFault.exe
PID 2460 wrote to memory of 2232	2460	RarExtInstaller.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\RarExtInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\RarExtInstaller.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 96
2⤵
- Program crash
PID:2232

memory/2460-0-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download