16bc0c8dfdf84ca187b6c7f6a01876358fccda7eb6e58d9e4b6cbde0be381d5e

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 21:56

Target

140fbd05ebe0a77ffbda49890df216ed.exe
Size

438KB
MD5

140fbd05ebe0a77ffbda49890df216ed
SHA1

6ce2f5718ea4e6d84a86875f98589c38d3c9854a
SHA256

16bc0c8dfdf84ca187b6c7f6a01876358fccda7eb6e58d9e4b6cbde0be381d5e
SHA512

885e313676b3b0a6d7d1fc63d5851bdec6a1cd545788b91e8b0260a0f2f49dc656384c14d4ff524ddfda158dbbadfd2d63e487f121f7c41868af8189db1f29a7
SSDEEP

6144:k+5mBWIOZlpmD7C4u5tG/MyB0F9ybz0yZTivW/STsFs/bp:k+5mBfAmPC4u5c/MES9yXZTxYp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2972	2348	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2972	2348	140fbd05ebe0a77ffbda49890df216ed.exe	15
PID 2348 wrote to memory of 2972	2348	140fbd05ebe0a77ffbda49890df216ed.exe	15
PID 2348 wrote to memory of 2972	2348	140fbd05ebe0a77ffbda49890df216ed.exe	15
PID 2348 wrote to memory of 2972	2348	140fbd05ebe0a77ffbda49890df216ed.exe	15

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 100
1⤵
- Program crash
PID:2972

C:\Users\Admin\AppData\Local\Temp\140fbd05ebe0a77ffbda49890df216ed.exe
"C:\Users\Admin\AppData\Local\Temp\140fbd05ebe0a77ffbda49890df216ed.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2348

memory/2348-0-0x00000000010B0000-0x00000000010F7000-memory.dmp

Filesize
284KB

Download
memory/2348-1-0x00000000010B0000-0x00000000010F7000-memory.dmp

Filesize
284KB

Download