38718c048b029ac6adc7423063e254ccfdda5b3e154cd6dffa3513e600108bd1

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 13:03

Target

bc07b01017153059dbd6e71eafb26440N.exe
Size

804KB
MD5

bc07b01017153059dbd6e71eafb26440
SHA1

e33b3e1ab51cfffa34b40f83c0de66ced612dff2
SHA256

38718c048b029ac6adc7423063e254ccfdda5b3e154cd6dffa3513e600108bd1
SHA512

5285f3802fb56c2332df532bd7c8de9edc759caca991035ddbe040a55f622b2c4cfcb5f119d00acea53ba0fb5533743e6ab24dd12cd2b66c6235921d55497d1a
SSDEEP

3072:y/8RinudiP52xx67lLdDiHDokKcWmjRrzOKQKkaN2c2XMSV0xfV24IIIDSbfH/YT:LkgiPA6R1PvxiizP0iaV+bhavxi

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3012	1280	WerFault.exe	30

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 3012	1280	bc07b01017153059dbd6e71eafb26440N.exe	31
PID 1280 wrote to memory of 3012	1280	bc07b01017153059dbd6e71eafb26440N.exe	31
PID 1280 wrote to memory of 3012	1280	bc07b01017153059dbd6e71eafb26440N.exe	31
PID 1280 wrote to memory of 3012	1280	bc07b01017153059dbd6e71eafb26440N.exe	31

C:\Users\Admin\AppData\Local\Temp\bc07b01017153059dbd6e71eafb26440N.exe
"C:\Users\Admin\AppData\Local\Temp\bc07b01017153059dbd6e71eafb26440N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 36
  2⤵
  - Program crash
  PID:3012

memory/1280-1-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download