eb42e7ed6cca7e7f9b661bb0bc01e9d717e97111d2333e7f225016a8b7365c29

Analysis

max time kernel
21s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 01:15

Target

3eee5596b9e60cfa87723f9849a612b0N.exe
Size

5.9MB
MD5

3eee5596b9e60cfa87723f9849a612b0
SHA1

1310030f1c71423332eff5112cf848046161c415
SHA256

eb42e7ed6cca7e7f9b661bb0bc01e9d717e97111d2333e7f225016a8b7365c29
SHA512

e93f5908c4dd7b4f363c3a7a0725a86af3556ce90d8064c0a1c004bd692f193feaec492d9eb80c6c5978db3bdda2f6ebd2ab3c7a8ab48769f1183a2e4c00ca74
SSDEEP

98304:A9kwpgUhLrRTsg3TDHatNPTt0o8sO5sd1jv1uD4:AXxBD2tNPTGN5oxv0D4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2556	2064	WerFault.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2064	3eee5596b9e60cfa87723f9849a612b0N.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2556	2064	3eee5596b9e60cfa87723f9849a612b0N.exe	29
PID 2064 wrote to memory of 2556	2064	3eee5596b9e60cfa87723f9849a612b0N.exe	29
PID 2064 wrote to memory of 2556	2064	3eee5596b9e60cfa87723f9849a612b0N.exe	29
PID 2064 wrote to memory of 2556	2064	3eee5596b9e60cfa87723f9849a612b0N.exe	29

C:\Users\Admin\AppData\Local\Temp\3eee5596b9e60cfa87723f9849a612b0N.exe
"C:\Users\Admin\AppData\Local\Temp\3eee5596b9e60cfa87723f9849a612b0N.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 88
  2⤵
  - Program crash
  PID:2556

memory/2064-2-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/2064-4-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/2064-6-0x0000000000400000-0x0000000000CAC000-memory.dmp

Filesize
8.7MB

Download
memory/2064-7-0x0000000000421000-0x0000000000724000-memory.dmp

Filesize
3.0MB

Download
memory/2064-0-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/2064-8-0x0000000000400000-0x0000000000CAC000-memory.dmp

Filesize
8.7MB

Download
memory/2064-9-0x0000000000400000-0x0000000000CAC000-memory.dmp

Filesize
8.7MB

Download
memory/2064-10-0x0000000000421000-0x0000000000724000-memory.dmp

Filesize
3.0MB

Download