3f5d408614ed10ba8fcbad6ab9b37c34b58dafba96b3e185893d1c4ade15cdc8

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 21:28 UTC

Target

12fa6b3342214efa5ffe1528b3079bf3.exe
Size

76KB
MD5

12fa6b3342214efa5ffe1528b3079bf3
SHA1

61f05090e484f191010ee99037b67b72bb20b6ff
SHA256

3f5d408614ed10ba8fcbad6ab9b37c34b58dafba96b3e185893d1c4ade15cdc8
SHA512

c07ec2b6ce8b2da55598e3a2a6b57f51027319487a1b8ee940ef227602b9a90884db994cc452e5cf58c7b7b3a28ea4b350dd0aea9f667e764500cb498abb9f1a
SSDEEP

1536:qC36mrBQfwDQ5o8g97jK5XAnJ9urXj/+yUC5cjEErxTWDTMqhGKYIZTET8x:16kbUSh9vK5X06rzGy6jBkMqhGKZTbx

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1704	756	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 1704	756	12fa6b3342214efa5ffe1528b3079bf3.exe	16
PID 756 wrote to memory of 1704	756	12fa6b3342214efa5ffe1528b3079bf3.exe	16
PID 756 wrote to memory of 1704	756	12fa6b3342214efa5ffe1528b3079bf3.exe	16
PID 756 wrote to memory of 1704	756	12fa6b3342214efa5ffe1528b3079bf3.exe	16

C:\Users\Admin\AppData\Local\Temp\12fa6b3342214efa5ffe1528b3079bf3.exe
"C:\Users\Admin\AppData\Local\Temp\12fa6b3342214efa5ffe1528b3079bf3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 36
  2⤵
  - Program crash
  PID:1704

memory/756-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download