087376d7bd256a20833d0b4d3cee1af5d8623085fb75832ffe0e5083cd5954d3

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 17:25

Target

larp.exe
Size

337KB
MD5

14eaedcb4c0bb54191cb59af0ed6df7a
SHA1

852b083d50e4115eb4752a4ac6b8d0e8ad3ae286
SHA256

087376d7bd256a20833d0b4d3cee1af5d8623085fb75832ffe0e5083cd5954d3
SHA512

febe23879bc4a1689cbe42caf50c129c9acacbf79d5ce976792facfb5ebcaaac632d65b8ebb7ea85dd5e941cf87ff246152d0c5c4d4bb6b2d77aec13439a46bd
SSDEEP

6144:cppIYGIsY9ZD80oKwXkScP5FNHHZjdk0xCRkclPNasDxqVNqEuaeAIY:cpdmfWw0ScP5/5j0RBPosl2qOefY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1856	1048	WerFault.exe	28

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 1856	1048	larp.exe	30
PID 1048 wrote to memory of 1856	1048	larp.exe	30
PID 1048 wrote to memory of 1856	1048	larp.exe	30
PID 1048 wrote to memory of 1856	1048	larp.exe	30

C:\Users\Admin\AppData\Local\Temp\larp.exe
"C:\Users\Admin\AppData\Local\Temp\larp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 572
  2⤵
  - Program crash
  PID:1856

memory/1048-0-0x000000007495E000-0x000000007495F000-memory.dmp

Filesize
4KB

Download
memory/1048-1-0x0000000001220000-0x000000000127A000-memory.dmp

Filesize
360KB

Download
memory/1048-2-0x0000000074950000-0x000000007503E000-memory.dmp

Filesize
6.9MB

Download
memory/1048-3-0x00000000008B0000-0x00000000008FA000-memory.dmp

Filesize
296KB

Download
memory/1048-4-0x0000000074950000-0x000000007503E000-memory.dmp

Filesize
6.9MB

Download