502fbce583f91145b61ff34273a50b2225e477898a142d67a717c3eb8ae906bf

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19-12-2023 10:59

Target

0ebc9899c5607a8395ed7e5c442ef38e.exe
Size

5.5MB
MD5

0ebc9899c5607a8395ed7e5c442ef38e
SHA1

3c6ca3c4e0163010ae3f38ec49a1a5edeb39aecb
SHA256

502fbce583f91145b61ff34273a50b2225e477898a142d67a717c3eb8ae906bf
SHA512

6dbaf70dfc3c6af6a556e27fa5ef9b12a7111592ea8db5da9d93a1887b55216fab339e3301aff8ef51de953ac006fe7552ccfd7f584ae8c024dcf58c7a8eaa16
SSDEEP

6144:582p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBflC:hp4pNfz3ymJnJ8QCFkxCaQTOlHfU86t

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2392	2188	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2392	2188	0ebc9899c5607a8395ed7e5c442ef38e.exe	28
PID 2188 wrote to memory of 2392	2188	0ebc9899c5607a8395ed7e5c442ef38e.exe	28
PID 2188 wrote to memory of 2392	2188	0ebc9899c5607a8395ed7e5c442ef38e.exe	28
PID 2188 wrote to memory of 2392	2188	0ebc9899c5607a8395ed7e5c442ef38e.exe	28

C:\Users\Admin\AppData\Local\Temp\0ebc9899c5607a8395ed7e5c442ef38e.exe
"C:\Users\Admin\AppData\Local\Temp\0ebc9899c5607a8395ed7e5c442ef38e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 160
  2⤵
  - Program crash
  PID:2392