33c26dba1ff44ea2c4c78b802e68ff923f359bae1fd37f56b3a82f8eed317788

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 23:12

Target

187f0fe30186bab60edf4e8300e89e47.exe
Size

214KB
MD5

187f0fe30186bab60edf4e8300e89e47
SHA1

b8a3f6a6abcb1cf9144ed64c173998034d211210
SHA256

33c26dba1ff44ea2c4c78b802e68ff923f359bae1fd37f56b3a82f8eed317788
SHA512

b894b494e0b2943901c9c831aff350d3fcbc50aa820e6e9a72cf509d8589d2e233db49a783b57a273686387928ab4b225111895bf02b34e67ec7820262c1b874
SSDEEP

3072:twDi5MHXl8FpmpTkFXId8gM9tR6skIx716ObRVIuzEJkX5dAwUBCcfvE7+iHmt1K:nK6pmVYungsskIy+yWsBxfvE7LL

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2180	2172	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2180	2172	187f0fe30186bab60edf4e8300e89e47.exe	28
PID 2172 wrote to memory of 2180	2172	187f0fe30186bab60edf4e8300e89e47.exe	28
PID 2172 wrote to memory of 2180	2172	187f0fe30186bab60edf4e8300e89e47.exe	28
PID 2172 wrote to memory of 2180	2172	187f0fe30186bab60edf4e8300e89e47.exe	28

C:\Users\Admin\AppData\Local\Temp\187f0fe30186bab60edf4e8300e89e47.exe
"C:\Users\Admin\AppData\Local\Temp\187f0fe30186bab60edf4e8300e89e47.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 36
  2⤵
  - Program crash
  PID:2180

memory/2172-0-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download