98131777460e91a7c0f465bef0837a3b3c768a5ff4864f712f1fcdbb3e811866

Analysis

max time kernel
112s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 01:37

Target

2224fa573148c2c1a2d9996bd3b4c960N.exe
Size

5.4MB
MD5

2224fa573148c2c1a2d9996bd3b4c960
SHA1

e0a11f233ec4ac21d4231f046dc66e80be321d8a
SHA256

98131777460e91a7c0f465bef0837a3b3c768a5ff4864f712f1fcdbb3e811866
SHA512

3986c259f06c8981ce5273b4e600e30e2932e2f711141ef7f256c3f837ba459661c08f6337a819c08c0af5bc314484299901f838e626ef6a10eb17bd17269a55
SSDEEP

98304:dFv17b9vB1CXd6PUV/3TuWUrm4gv301y332A98B8L9gwAhWSCljufPzSENcQ7:d/DUN6sVvTutiE16P98B8BgwzSqj6ZcG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1792	1676	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 1792	1676	2224fa573148c2c1a2d9996bd3b4c960N.exe	30
PID 1676 wrote to memory of 1792	1676	2224fa573148c2c1a2d9996bd3b4c960N.exe	30
PID 1676 wrote to memory of 1792	1676	2224fa573148c2c1a2d9996bd3b4c960N.exe	30
PID 1676 wrote to memory of 1792	1676	2224fa573148c2c1a2d9996bd3b4c960N.exe	30

C:\Users\Admin\AppData\Local\Temp\2224fa573148c2c1a2d9996bd3b4c960N.exe
"C:\Users\Admin\AppData\Local\Temp\2224fa573148c2c1a2d9996bd3b4c960N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 140
  2⤵
  - Program crash
  PID:1792

memory/1676-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download