64ab9e5256f45e1bc95d2200909c1b4a18d31dacc876a04e332e6aabb38030c5

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 03:38

Target

54f36c1dabd0444942d8dbd3e64442a0N.exe
Size

376KB
MD5

54f36c1dabd0444942d8dbd3e64442a0
SHA1

63ef26543eb758211566b825c33e5d190fca71d6
SHA256

64ab9e5256f45e1bc95d2200909c1b4a18d31dacc876a04e332e6aabb38030c5
SHA512

48dfba66847839004d1ac26262ae0b8c8b0e3415ac868fab5381a99c2cead534a054f8701ad13726e9883dee20c411f7180c013069630630f7dba4e2c931e783
SSDEEP

6144:PIHYsPbS31zXqSNQgeiOKnDYVH0pwpMWEmpRBJ1NuUBY+f7zAF11whggaoHofphg:PIVPel6SOgeiOKEVH0ppWfBJ7XBczmRR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2944	784	WerFault.exe	30

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 784 wrote to memory of 2944	784	54f36c1dabd0444942d8dbd3e64442a0N.exe	31
PID 784 wrote to memory of 2944	784	54f36c1dabd0444942d8dbd3e64442a0N.exe	31
PID 784 wrote to memory of 2944	784	54f36c1dabd0444942d8dbd3e64442a0N.exe	31
PID 784 wrote to memory of 2944	784	54f36c1dabd0444942d8dbd3e64442a0N.exe	31

C:\Users\Admin\AppData\Local\Temp\54f36c1dabd0444942d8dbd3e64442a0N.exe
"C:\Users\Admin\AppData\Local\Temp\54f36c1dabd0444942d8dbd3e64442a0N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:784
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 36
  2⤵
  - Program crash
  PID:2944