b9e5ab4620dc672f82c5d9d32459fd7a6a13960be269d8b13b8b4b6a1a33cf66

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 00:09

Target

1dbe4ba8f382a47c48facfd9360fac10.exe
Size

353KB
MD5

1dbe4ba8f382a47c48facfd9360fac10
SHA1

08b5c20e80e71abfaa842697a1e9ed3ee76feeee
SHA256

b9e5ab4620dc672f82c5d9d32459fd7a6a13960be269d8b13b8b4b6a1a33cf66
SHA512

8920aff361ff91c18a08b16076215c30f4fc7c8ffd0de9fa822698c66165324545a20103d971f5e093c147cd5987d85ad9fb64969eba4ea67fc728641b13e992
SSDEEP

6144:3YidRQfaVJpx3VZiYbEhYPQTEy/gbs4z5OOhChUU3V8i84hx7SJuV5erUuiLEO:3RaaVJpxb0wyKsK5xhdiJScXeLiLEO

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
2228	2904	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

1dbe4ba8f382a47c48facfd9360fac10.exe

description	pid	Process	procid_target
PID 2904 wrote to memory of 2228	2904	1dbe4ba8f382a47c48facfd9360fac10.exe	28
PID 2904 wrote to memory of 2228	2904	1dbe4ba8f382a47c48facfd9360fac10.exe	28
PID 2904 wrote to memory of 2228	2904	1dbe4ba8f382a47c48facfd9360fac10.exe	28
PID 2904 wrote to memory of 2228	2904	1dbe4ba8f382a47c48facfd9360fac10.exe	28

C:\Users\Admin\AppData\Local\Temp\1dbe4ba8f382a47c48facfd9360fac10.exe
"C:\Users\Admin\AppData\Local\Temp\1dbe4ba8f382a47c48facfd9360fac10.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 52
  2⤵
  - Program crash
  PID:2228

memory/2904-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2904-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download