6a68962bd0b2f1b0fa3c65a832cd849d9976a88f1165c9c27542d79a438bc1d8

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 01:08

Target

247cac527dae45fabfb9907b10e8ed80N.exe
Size

5KB
MD5

247cac527dae45fabfb9907b10e8ed80
SHA1

3ac520713fef1c5703839fb376bb3f8a21a8382a
SHA256

6a68962bd0b2f1b0fa3c65a832cd849d9976a88f1165c9c27542d79a438bc1d8
SHA512

cfa015c15be0fac9b588d021c2ff0dbd5eb77a79fea6c26190732ca432e3a5d113b7873c4650142fdd223844e67667e7d72871ea56bf4cb33ddc4b26ced3078e
SSDEEP

96:qzi9a7RhBEkgYPJLPihlU/aSRmN+P4cSH/zdaJ/zl3zNt:XalhB/xJOj/emA4rdaVb

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1468	1948	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1468	1948	247cac527dae45fabfb9907b10e8ed80N.exe	30
PID 1948 wrote to memory of 1468	1948	247cac527dae45fabfb9907b10e8ed80N.exe	30
PID 1948 wrote to memory of 1468	1948	247cac527dae45fabfb9907b10e8ed80N.exe	30
PID 1948 wrote to memory of 1468	1948	247cac527dae45fabfb9907b10e8ed80N.exe	30

C:\Users\Admin\AppData\Local\Temp\247cac527dae45fabfb9907b10e8ed80N.exe
"C:\Users\Admin\AppData\Local\Temp\247cac527dae45fabfb9907b10e8ed80N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 556
  2⤵
  - Program crash
  PID:1468

memory/1948-0-0x0000000074ABE000-0x0000000074ABF000-memory.dmp

Filesize
4KB

Download
memory/1948-1-0x0000000001200000-0x0000000001208000-memory.dmp

Filesize
32KB

Download