65bea8caf3c1f4378b40b6de11db405e2c1030ba6c4dd6f1b49a25478c0ec5bf

Analysis

max time kernel
31s
max time network
35s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
08/07/2023, 08:58

Target

61edb94add7223exeexeexeex.exe
Size

262KB
MD5

61edb94add7223634c1174af32bcf0d0
SHA1

3e2abff1e6d004581a2c7b02b2a6fc1869bab898
SHA256

65bea8caf3c1f4378b40b6de11db405e2c1030ba6c4dd6f1b49a25478c0ec5bf
SHA512

bb2d41f3f99bc8ab019b8d94d71512c9cae129b59bc24e73f9b847e337f9be692c696eef0a8efdb3be74fca573c45ec35592c75c0db02a666516b73486aeef89
SSDEEP

3072:yGpYmsBADBDBPVLRTN57hRuG/Ep4j6k6+5yCD7QhYvpJ3FnNNi1zZBYgmCJR4xJI:T7SGS4jMM1ghupJ3N4n4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3068	3048	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 3068	3048	61edb94add7223exeexeexeex.exe	28
PID 3048 wrote to memory of 3068	3048	61edb94add7223exeexeexeex.exe	28
PID 3048 wrote to memory of 3068	3048	61edb94add7223exeexeexeex.exe	28
PID 3048 wrote to memory of 3068	3048	61edb94add7223exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\61edb94add7223exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\61edb94add7223exeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 176
  2⤵
  - Program crash
  PID:3068