f8286288484ce1fd82ab5b4e05a9f9c42f85d4718c38af7fb20bf76fd6e62022

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 22:18

Target

152eb23f42a7390556b4380c34f1f786.exe
Size

120KB
MD5

152eb23f42a7390556b4380c34f1f786
SHA1

f8fbaf2e54440c0314ff5701265f94d31a89f2b2
SHA256

f8286288484ce1fd82ab5b4e05a9f9c42f85d4718c38af7fb20bf76fd6e62022
SHA512

61788e6d0872a381f429eb1bed47e69e46cd79cf9d81a7f662af50c9bf34dab0d7931e82a85b58609b2588060cbee698ae5aea6a5e4151b9cde110193c9d199c
SSDEEP

768:naqjDbrQAOpIrbbMKIX7TNnpK3MWOshXm0VHDWkAkRgFB+VIMrDpWMp8xvioIKX6:aIPrQA2IrbYKILTBCvjrTcRI3fV/v

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2532	1060	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 2532	1060	152eb23f42a7390556b4380c34f1f786.exe	14
PID 1060 wrote to memory of 2532	1060	152eb23f42a7390556b4380c34f1f786.exe	14
PID 1060 wrote to memory of 2532	1060	152eb23f42a7390556b4380c34f1f786.exe	14
PID 1060 wrote to memory of 2532	1060	152eb23f42a7390556b4380c34f1f786.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 148
1⤵
- Program crash
PID:2532

C:\Users\Admin\AppData\Local\Temp\152eb23f42a7390556b4380c34f1f786.exe
"C:\Users\Admin\AppData\Local\Temp\152eb23f42a7390556b4380c34f1f786.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1060

memory/1060-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download