d91749c5ad185e70e8752ddd0315e5d1679da634773727dfa1a9aa73e3692a7f

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
22-08-2023 05:14

Target

2312-69-0x0000000000400000-0x0000000000417000-memory.exe
Size

92KB
MD5

fa6c5b2873ac05dc25046f271b172b14
SHA1

3919141d639b1a3ad4913572e9ceadf025e84f11
SHA256

d91749c5ad185e70e8752ddd0315e5d1679da634773727dfa1a9aa73e3692a7f
SHA512

152f7e6ca72924ec664b8af488178e8116975afe81e70e866b4425250d1f85fc09102d5a3fb120fc851a581b1e5ce302b043418aa4ebef899a1015e0747955dc
SSDEEP

1536:4hhW0YTGZWdVseJxaM9kraLdV2QkQ1TbPX8IHOCkIsI4ESHNTh9E+JP19qkP6:ehzYTGWVvJ8f2v1TbPzuMsIFSHNThy+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2100	2468	WerFault.exe	21

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2100	2468	2312-69-0x0000000000400000-0x0000000000417000-memory.exe	28
PID 2468 wrote to memory of 2100	2468	2312-69-0x0000000000400000-0x0000000000417000-memory.exe	28
PID 2468 wrote to memory of 2100	2468	2312-69-0x0000000000400000-0x0000000000417000-memory.exe	28
PID 2468 wrote to memory of 2100	2468	2312-69-0x0000000000400000-0x0000000000417000-memory.exe	28

C:\Users\Admin\AppData\Local\Temp\2312-69-0x0000000000400000-0x0000000000417000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\2312-69-0x0000000000400000-0x0000000000417000-memory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 172
  2⤵
  - Program crash
  PID:2100