1d9371b33f7ee17d372703fceaaf38be90276968588357c53c2bbaf93abaf93d

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
14/07/2023, 04:38

Target

l6915007.exe
Size

1.7MB
MD5

fdf86ec4a0aac26b9d97fd024fd81171
SHA1

658cc3988bb9a09da8b8586425132e5b439979a1
SHA256

1d9371b33f7ee17d372703fceaaf38be90276968588357c53c2bbaf93abaf93d
SHA512

4a14b8ed97b546f28401ff6077f3e7467130d43c08cad9f2598db4a4556cc516fa6915df36166ff40d4059d89e78001e3918fabeef23f90c00a527819a4ecc2e
SSDEEP

24576:s+dBbRIbGVUaE/sGDFgAY+f30NwfcnWCpwnO66teUeXFYuBbVTb34k30/8dRi9:syB1eaE/1gAY63n0uNykji9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2540	2532	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2540	2532	l6915007.exe	29
PID 2532 wrote to memory of 2540	2532	l6915007.exe	29
PID 2532 wrote to memory of 2540	2532	l6915007.exe	29
PID 2532 wrote to memory of 2540	2532	l6915007.exe	29

C:\Users\Admin\AppData\Local\Temp\l6915007.exe
"C:\Users\Admin\AppData\Local\Temp\l6915007.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 56
  2⤵
  - Program crash
  PID:2540

memory/2532-54-0x0000000000400000-0x0000000000549000-memory.dmp

Filesize
1.3MB

Download
memory/2532-55-0x0000000000400000-0x0000000000549000-memory.dmp

Filesize
1.3MB

Download