a5a60fff28603cb806dc8eb37ad652f7e11cee2520553548371197d987eaca38

Analysis

max time kernel
27s
max time network
31s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
05-07-2023 20:01

Target

1e727f813ce98bexeexeexeex.exe
Size

192KB
MD5

1e727f813ce98b5397a0601e05e884d4
SHA1

589742e3100df7e3996b5bd9a5d55662cbf6ed6a
SHA256

a5a60fff28603cb806dc8eb37ad652f7e11cee2520553548371197d987eaca38
SHA512

d6feb5c05262b792769d444450dc72d0d8a818e30a3a69c693ea83876a8cd55673a52e28e99fd1efdf4e999c31bf34499db4522145207c614507eaf4255da1b0
SSDEEP

3072:2aLp+m0NbcThBD2IQWitDv7lrIcLf6VbkkO6FPxq2MgskWhWM:2GV0NbcThR2NDZrRfUgqEk+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2360	268	WerFault.exe	28

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 268 wrote to memory of 2360	268	1e727f813ce98bexeexeexeex.exe	29
PID 268 wrote to memory of 2360	268	1e727f813ce98bexeexeexeex.exe	29
PID 268 wrote to memory of 2360	268	1e727f813ce98bexeexeexeex.exe	29
PID 268 wrote to memory of 2360	268	1e727f813ce98bexeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\1e727f813ce98bexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\1e727f813ce98bexeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:268
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 36
  2⤵
  - Program crash
  PID:2360

memory/268-54-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download