1d11c985ab456d176302f4102a0391047843779b5dec3f38139e718e6d785600

Analysis

max time kernel
109s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15-04-2023 15:55

Target

MicrosoftOffice.exe
Size

138KB
MD5

0fb5351ee57cc30525ae7c604e644260
SHA1

0ec3158fd0231435119499cd114d7fd6c73a1441
SHA256

1d11c985ab456d176302f4102a0391047843779b5dec3f38139e718e6d785600
SHA512

bae6fdad79125b28b47731557abe02651132ed4c3bb85550148da740907f8f140ea38ebe1bf5c4966d291bfc581cc67083bac0fd6e6f11750c7a1921dd0b8e37
SSDEEP

3072:9uiZM5HwaKFHWWU9QyCtxjGDsNz99kWrUst4BHFa9o89ecJPK5vL:DYH8WWiQyoNBz99kWAt8scJPK5D

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2024	1752	WerFault.exe	26

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2024	1752	MicrosoftOffice.exe	27
PID 1752 wrote to memory of 2024	1752	MicrosoftOffice.exe	27
PID 1752 wrote to memory of 2024	1752	MicrosoftOffice.exe	27

C:\Users\Admin\AppData\Local\Temp\MicrosoftOffice.exe
"C:\Users\Admin\AppData\Local\Temp\MicrosoftOffice.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1752 -s 200
  2⤵
  - Program crash
  PID:2024

memory/1752-54-0x000000013FA40000-0x000000013FA7C000-memory.dmp

Filesize
240KB

Download
memory/1752-64-0x000000013FA40000-0x000000013FA7C000-memory.dmp

Filesize
240KB

Download