e441b24c680ac5f59a97258da83af9115a37dd334db8f43ccacd17508ae7380b

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 23:26

Target

197424ab78e18b63a3f8a2a7c8726e7a.exe
Size

137KB
MD5

197424ab78e18b63a3f8a2a7c8726e7a
SHA1

131170f7f5f343309f0ec599233b9f2e16ccb921
SHA256

e441b24c680ac5f59a97258da83af9115a37dd334db8f43ccacd17508ae7380b
SHA512

959d3ae090248edec91fc6caedf70048fc0ea6dd521959a0d25e51e92b86304fbab89ed2cf210f70adaead7a4e905611452d02d30d2a8dcae410a22513b5b657
SSDEEP

3072:8o1yUcMI/lCwHAWrnRshVuPRL4pezQ5BDoElV4a5bDYN8A:8H/UwHhWiLroV4a1NA

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3040	2372	WerFault.exe	27

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 3016	2372	197424ab78e18b63a3f8a2a7c8726e7a.exe	28
PID 2372 wrote to memory of 3016	2372	197424ab78e18b63a3f8a2a7c8726e7a.exe	28
PID 2372 wrote to memory of 3016	2372	197424ab78e18b63a3f8a2a7c8726e7a.exe	28
PID 2372 wrote to memory of 3016	2372	197424ab78e18b63a3f8a2a7c8726e7a.exe	28
PID 2372 wrote to memory of 3040	2372	197424ab78e18b63a3f8a2a7c8726e7a.exe	29
PID 2372 wrote to memory of 3040	2372	197424ab78e18b63a3f8a2a7c8726e7a.exe	29
PID 2372 wrote to memory of 3040	2372	197424ab78e18b63a3f8a2a7c8726e7a.exe	29
PID 2372 wrote to memory of 3040	2372	197424ab78e18b63a3f8a2a7c8726e7a.exe	29

C:\Users\Admin\AppData\Local\Temp\197424ab78e18b63a3f8a2a7c8726e7a.exe
"C:\Users\Admin\AppData\Local\Temp\197424ab78e18b63a3f8a2a7c8726e7a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Users\Admin\AppData\Local\Temp\197424ab78e18b63a3f8a2a7c8726e7a.exe
  C:\Users\Admin\AppData\Local\Temp\197424ab78e18b63a3f8a2a7c8726e7a.exe
  2⤵
  PID:3016
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 112
  2⤵
  - Program crash
  PID:3040

memory/2372-8-0x0000000000490000-0x0000000000590000-memory.dmp

Filesize
1024KB

Download
memory/2372-10-0x0000000000490000-0x0000000000590000-memory.dmp

Filesize
1024KB

Download
memory/2372-9-0x0000000000490000-0x0000000000590000-memory.dmp

Filesize
1024KB

Download
memory/2372-11-0x0000000000490000-0x0000000000590000-memory.dmp

Filesize
1024KB

Download