88fecb30a4aadc7752c67d0b97b71b546036429e82177fe06212696e34f4b5a1

Resubmissions

15/07/2024, 07:29

15/07/2024, 07:28

15/07/2024, 07:26

max time kernel
4s
max time network
0s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 07:29

Target

av-evasion.exe
Size

77KB
MD5

4c49aec08acce0459e68ff45277a87cf
SHA1

7cbf1d379f8978bb0431a02fea13c01c2b66d230
SHA256

8ef7ea80402ebcc0090a2078d3e63f4a50fcf5972a078ef19685794629710292
SHA512

23027ee8b1be3a72ef8c84e9057420513b9c5342c48a66c4b6a049370e21e91555fb99544a8a5ab89c4e0e5dadee4287b339949e713b250664a0e300e4669298
SSDEEP

1536:aQEuYgkm9zwirdz6klWV107wmGXy9HbWefdgjI9LjkB1Wnq00E5sWvecdvIcw:Wgz1rd2kl77KXy9HbWefdgCL2Iq2vIcw

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1792	2404	WerFault.exe	30

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 1792	2404	av-evasion.exe	32
PID 2404 wrote to memory of 1792	2404	av-evasion.exe	32
PID 2404 wrote to memory of 1792	2404	av-evasion.exe	32
PID 2404 wrote to memory of 1792	2404	av-evasion.exe	32

C:\Users\Admin\AppData\Local\Temp\av-evasion.exe
"C:\Users\Admin\AppData\Local\Temp\av-evasion.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 56
  2⤵
  - Program crash
  PID:1792

memory/2404-0-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download