ab97bbcda5baad1b76a138dcf544a1d0e0e35c925cb3ce71a6f7284344ddd291

Analysis

max time kernel
29s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
21-03-2023 10:10

Target

DOCUMENTOS DE ENVÍO DE DHL.exe
Size

904KB
MD5

a27c63b8fd7bcc4bec2ce29454636143
SHA1

fa57b127caaf299d43f15a38f18a8b55c3dbf582
SHA256

ab97bbcda5baad1b76a138dcf544a1d0e0e35c925cb3ce71a6f7284344ddd291
SHA512

202b4487796eb2ae90ce739d50dac6dea04de7c64453659cfcb0697690aa095c84b1396b7aebd69e4ab55b04b694bd9843a9d4598cd6df3c4c8eae088eec737c
SSDEEP

12288:4lKr2iNxKlgNGSD7sL30ZSYMzdZKBP7r9r/+pppppppppppppppppppppppppppv:ua1r+MI0SYMzdMB1q

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1744	876	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 876 wrote to memory of 1744	876	DOCUMENTOS DE ENVÍO DE DHL.exe	26
PID 876 wrote to memory of 1744	876	DOCUMENTOS DE ENVÍO DE DHL.exe	26
PID 876 wrote to memory of 1744	876	DOCUMENTOS DE ENVÍO DE DHL.exe	26
PID 876 wrote to memory of 1744	876	DOCUMENTOS DE ENVÍO DE DHL.exe	26

C:\Users\Admin\AppData\Local\Temp\DOCUMENTOS DE ENVÍO DE DHL.exe
"C:\Users\Admin\AppData\Local\Temp\DOCUMENTOS DE ENVÍO DE DHL.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:876
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 548
  2⤵
  - Program crash
  PID:1744

memory/876-54-0x0000000000280000-0x0000000000368000-memory.dmp

Filesize
928KB

Download