e3c05a75d14e13e509aa9c5c422cde3563a1e0fef87698d07278b18634279c36

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 16:08

Target

e95bd3a6e46857a04a4f01f000425608.exe
Size

1.0MB
MD5

e95bd3a6e46857a04a4f01f000425608
SHA1

ec8ffbdecdf327129eaaed362155f98f2cd6fee4
SHA256

e3c05a75d14e13e509aa9c5c422cde3563a1e0fef87698d07278b18634279c36
SHA512

eaf6405c3d96d22099b282ed17788c458e06e3f0e46a2ab96b0d604428a06435f3b17d8cbdd2e815dd1af4b3a5e9fb9dcfb0f74d234e3043781f0d68aa457af7
SSDEEP

24576:SblhB3ij3Cqrm9t4rVcy0HGR++WUjccOrhfv:q1SjrJrSy0HPBv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1028	1832	WerFault.exe	4

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 1028	1832	e95bd3a6e46857a04a4f01f000425608.exe	24
PID 1832 wrote to memory of 1028	1832	e95bd3a6e46857a04a4f01f000425608.exe	24
PID 1832 wrote to memory of 1028	1832	e95bd3a6e46857a04a4f01f000425608.exe	24
PID 1832 wrote to memory of 1028	1832	e95bd3a6e46857a04a4f01f000425608.exe	24

C:\Users\Admin\AppData\Local\Temp\e95bd3a6e46857a04a4f01f000425608.exe
"C:\Users\Admin\AppData\Local\Temp\e95bd3a6e46857a04a4f01f000425608.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 656
  2⤵
  - Program crash
  PID:1028

memory/1832-0-0x00000000010F0000-0x00000000011FE000-memory.dmp

Filesize
1.1MB

Download
memory/1832-1-0x0000000074740000-0x0000000074E2E000-memory.dmp

Filesize
6.9MB

Download
memory/1832-2-0x0000000004DD0000-0x0000000004E10000-memory.dmp

Filesize
256KB

Download
memory/1832-3-0x0000000074740000-0x0000000074E2E000-memory.dmp

Filesize
6.9MB

Download
memory/1832-4-0x0000000004DD0000-0x0000000004E10000-memory.dmp

Filesize
256KB

Download