9ac9b06776fc23988d64dc77fcc73aa742750a9538546ef976f084c1c9d1a333

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 01:09

Target

9ac9b06776fc23988d64dc77fcc73aa742750a9538546ef976f084c1c9d1a333.exe
Size

854KB
MD5

3b26db0dd5d0a4d1fee567aafe927f82
SHA1

19a1b658afc8c1cb04de677cc727508c157cdcda
SHA256

9ac9b06776fc23988d64dc77fcc73aa742750a9538546ef976f084c1c9d1a333
SHA512

0eb82f5e50920e9aa7c5a00bdbcfd1094756591bf3cc9574105cc544a2ab7ce46e62594630fe62749c5e6f77d720a542dcd99c6da128ce93dac188cd42bca968
SSDEEP

12288:4I94SIG0d0uFhCchHcEiem+PuPeILLgJ9AI8s16fdeD7hV4wzd9CZ1k3:QzfVu25BtmPeIHgJ95w2F2et

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2696 1792 WerFault.exe 9ac9b06776fc23988d64dc77fcc73aa742750a9538546ef976f084c1c9d1a333.exe

pid	pid_target	process	target process
2696	1792	WerFault.exe	9ac9b06776fc23988d64dc77fcc73aa742750a9538546ef976f084c1c9d1a333.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

9ac9b06776fc23988d64dc77fcc73aa742750a9538546ef976f084c1c9d1a333.exe

description	pid	process	target process
PID 1792 wrote to memory of 2696	1792	9ac9b06776fc23988d64dc77fcc73aa742750a9538546ef976f084c1c9d1a333.exe	WerFault.exe
PID 1792 wrote to memory of 2696	1792	9ac9b06776fc23988d64dc77fcc73aa742750a9538546ef976f084c1c9d1a333.exe	WerFault.exe
PID 1792 wrote to memory of 2696	1792	9ac9b06776fc23988d64dc77fcc73aa742750a9538546ef976f084c1c9d1a333.exe	WerFault.exe
PID 1792 wrote to memory of 2696	1792	9ac9b06776fc23988d64dc77fcc73aa742750a9538546ef976f084c1c9d1a333.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\9ac9b06776fc23988d64dc77fcc73aa742750a9538546ef976f084c1c9d1a333.exe
"C:\Users\Admin\AppData\Local\Temp\9ac9b06776fc23988d64dc77fcc73aa742750a9538546ef976f084c1c9d1a333.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 640
2⤵
- Program crash
PID:2696

memory/1792-0-0x000000007465E000-0x000000007465F000-memory.dmp

Filesize
4KB

Download
memory/1792-1-0x00000000009C0000-0x0000000000A9C000-memory.dmp

Filesize
880KB

Download
memory/1792-2-0x0000000074650000-0x0000000074D3E000-memory.dmp

Filesize
6.9MB

Download
memory/1792-3-0x000000007465E000-0x000000007465F000-memory.dmp

Filesize
4KB

Download
memory/1792-4-0x0000000074650000-0x0000000074D3E000-memory.dmp

Filesize
6.9MB

Download