f9fa8ae62a5cb8f407a53972450641d3b3f0f61cf40a1cbed228ff7b566edb49

Analysis

max time kernel
51s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
11/02/2023, 22:18

Target

doc.exe
Size

750KB
MD5

df15de7c2c3f2ab0c7a9d93a6d6d32d7
SHA1

74a23958ca5dc4cfd31ed5ff228f0dbc32498834
SHA256

f9fa8ae62a5cb8f407a53972450641d3b3f0f61cf40a1cbed228ff7b566edb49
SHA512

9fcc04f9e39190fcb1abe1e1a3276924d1f249f585fc5821d501b0fab8a49dbfb205d387749840f8674d4b9f3d885632d4c8d72c541060a14f89fa096cb97978
SSDEEP

12288:GJfRP/+C+2SlLVseHKNTn7tunA+/kSy/ljwXcd7wJErzqk1yftE3WUfnQKJyjqOf:GJwjseHKNTn7tunA+/kSyNKIiWOk1YtP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
904	872	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 904	872	doc.exe	28
PID 872 wrote to memory of 904	872	doc.exe	28
PID 872 wrote to memory of 904	872	doc.exe	28
PID 872 wrote to memory of 904	872	doc.exe	28

C:\Users\Admin\AppData\Local\Temp\doc.exe
"C:\Users\Admin\AppData\Local\Temp\doc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 652
  2⤵
  - Program crash
  PID:904

memory/872-54-0x00000000011A0000-0x0000000001260000-memory.dmp

Filesize
768KB

Download
memory/872-55-0x0000000075891000-0x0000000075893000-memory.dmp

Filesize
8KB

Download
memory/872-56-0x0000000000380000-0x000000000038E000-memory.dmp

Filesize
56KB

Download