a9d073c2c5b2aa5667a645027998b6c1559747b1d3fbb06b36fe079a0230d7a4

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 13:57

Target

b2dfe0267ee5f836011bf01eeff95c2b.exe
Size

7.3MB
MD5

b2dfe0267ee5f836011bf01eeff95c2b
SHA1

43d6ebed7fad96534276baad35ab919a826e63b8
SHA256

a9d073c2c5b2aa5667a645027998b6c1559747b1d3fbb06b36fe079a0230d7a4
SHA512

01925c6f53e637c77852776ccc686900b034e9e828d87ce2fcf7ccd63ae8ae08361fa9922df662f13ce7afc19feab7952bf0c9cd77b5d5732aa3c6334ec21aa9
SSDEEP

98304:DxC3ud6MOIvysi7CQKzo5qphIHVruP3WpF3UdE1hZHEdLF00W:oGQgMkhgJuP32+dmhZk/0V

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2364	1736	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2364	1736	b2dfe0267ee5f836011bf01eeff95c2b.exe	28
PID 1736 wrote to memory of 2364	1736	b2dfe0267ee5f836011bf01eeff95c2b.exe	28
PID 1736 wrote to memory of 2364	1736	b2dfe0267ee5f836011bf01eeff95c2b.exe	28
PID 1736 wrote to memory of 2364	1736	b2dfe0267ee5f836011bf01eeff95c2b.exe	28

C:\Users\Admin\AppData\Local\Temp\b2dfe0267ee5f836011bf01eeff95c2b.exe
"C:\Users\Admin\AppData\Local\Temp\b2dfe0267ee5f836011bf01eeff95c2b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 156
  2⤵
  - Program crash
  PID:2364

memory/1736-0-0x0000000000320000-0x0000000000B01000-memory.dmp

Filesize
7.9MB

Download
memory/1736-1-0x0000000000320000-0x0000000000B01000-memory.dmp

Filesize
7.9MB

Download
memory/1736-2-0x0000000000320000-0x0000000000B01000-memory.dmp

Filesize
7.9MB

Download