27faae8152a8f12141e10bc225eb8b6253bf8ebf801197d8dc94086e5c1a3729

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 02:25

Target

213e77682c178c0e8b7f368e84d801d0N.exe
Size

472KB
MD5

213e77682c178c0e8b7f368e84d801d0
SHA1

31b7811b70efb911ab7aa974a93dfd5601a43d3e
SHA256

27faae8152a8f12141e10bc225eb8b6253bf8ebf801197d8dc94086e5c1a3729
SHA512

1c09483ddcef39abba917b62a673c265934f4df62ec017c5736b878cf03b0aeb4c550e01846befd0b42c1287e774a6438b7a734961f18a221a19427bd07759ae
SSDEEP

3072:G8RinudiP52xx67lLdoiHDoUqN49Vd2iY16o93zN4HBe:LkgiPA6RGPUwSj2iY16o93hyI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1780	2608	WerFault.exe	30

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 1780	2608	213e77682c178c0e8b7f368e84d801d0N.exe	31
PID 2608 wrote to memory of 1780	2608	213e77682c178c0e8b7f368e84d801d0N.exe	31
PID 2608 wrote to memory of 1780	2608	213e77682c178c0e8b7f368e84d801d0N.exe	31
PID 2608 wrote to memory of 1780	2608	213e77682c178c0e8b7f368e84d801d0N.exe	31

C:\Users\Admin\AppData\Local\Temp\213e77682c178c0e8b7f368e84d801d0N.exe
"C:\Users\Admin\AppData\Local\Temp\213e77682c178c0e8b7f368e84d801d0N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 36
  2⤵
  - Program crash
  PID:1780

memory/2608-1-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download