6f18bcd3189e785d72b313e0d453eae7548af0b55a36eded240f532475f734da

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 11:52

Target

Loader.exe
Size

857KB
MD5

2b4ca19ce32a373dde70fb0ebdf96fc7
SHA1

0273612af7bd1080541d32496162f1a62bac27e6
SHA256

6f18bcd3189e785d72b313e0d453eae7548af0b55a36eded240f532475f734da
SHA512

89082aaaf1c11159b55ef038c4c7e303708f5b850d82b4302ba6903381c5f70ff80c9c2b54416a1211944fbc7fd9cf4fc6ef121b39a4de62692d277c21ab4b81
SSDEEP

12288:kAyjhkgp8WRcJ/VQ/Rm8g5rbEU8cwqAWfg0um2IvZc94WvGGQsh61HdpTmgSBex2:8hk1sJRxyxAgFRZc94QbQsGTmBKy

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1076	1108	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 1076	1108	Loader.exe	31
PID 1108 wrote to memory of 1076	1108	Loader.exe	31
PID 1108 wrote to memory of 1076	1108	Loader.exe	31
PID 1108 wrote to memory of 1076	1108	Loader.exe	31

C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 96
  2⤵
  - Program crash
  PID:1076

memory/1108-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download