0de96edb4d70f6572363280a239d34120689938748eea1fa8017658a9571c1fd

Analysis

max time kernel
29s
max time network
33s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
05-07-2023 14:26

Target

01662483f83d80exeexeexeex.exe
Size

186KB
MD5

01662483f83d8009a23495e01d06561c
SHA1

accdbdd6799e80a6d2ef084a08f2beef9f25dc27
SHA256

0de96edb4d70f6572363280a239d34120689938748eea1fa8017658a9571c1fd
SHA512

a9908dd427fbf6ed68930d364b071e403d4c0a96e9791367bd5b726a40cf3400317f71bbac217da86c33904cf55686e9de7b3f5299af39218d7a88f513cfd738
SSDEEP

3072:0F0AQbZt4uyPPD8aSzpgLn4jWjj5IvqzNJVApv4LHc4bf4AjX19D1FrHjfnH5DEK:Q03tZyPPD8aSzpgLn4jWjj5IvqzNJVAO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2904	3048	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2904	3048	01662483f83d80exeexeexeex.exe	28
PID 3048 wrote to memory of 2904	3048	01662483f83d80exeexeexeex.exe	28
PID 3048 wrote to memory of 2904	3048	01662483f83d80exeexeexeex.exe	28
PID 3048 wrote to memory of 2904	3048	01662483f83d80exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\01662483f83d80exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\01662483f83d80exeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 36
  2⤵
  - Program crash
  PID:2904

memory/3048-54-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download