852578c8fd78580d2ded51cf4770be552a0572741b25052d6443aa09c825989f

Analysis

max time kernel
47s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
27-12-2022 13:34

Target

documents.exe
Size

1.2MB
MD5

2b6b46e5ca7df1f0719208da1156dc8d
SHA1

a8cb60bc52fea9bdf3f23e99eec8fc44039f78e3
SHA256

852578c8fd78580d2ded51cf4770be552a0572741b25052d6443aa09c825989f
SHA512

123f4f585baf2b61a07d21544454c3436d7b53f3917838eb365f6eed4cdfcf18c5e7bbe2033245c652db9b8fa835ab1e0c69375495f36e3554a7541ef8cf812c
SSDEEP

12288:zuV2KKo2QHV6u72X+uWABs5zX0ADyKPpQmUZNl8OmuOEwjjruI5rIzexxtuKGg+9:fuiN6QlmhTyynv7XXh+YbTRCYPjqz

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
572	1880	WerFault.exe	26

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 572	1880	documents.exe	27
PID 1880 wrote to memory of 572	1880	documents.exe	27
PID 1880 wrote to memory of 572	1880	documents.exe	27

C:\Users\Admin\AppData\Local\Temp\documents.exe
"C:\Users\Admin\AppData\Local\Temp\documents.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1880 -s 692
  2⤵
  - Program crash
  PID:572

memory/1880-54-0x0000000000B90000-0x0000000000CBC000-memory.dmp

Filesize
1.2MB

Download