e9d161bb3e547f2bf4662a42772dcdaae365dce2ff00886098105166ce951a5c

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 14:32

Target

011ffc61f8371b48479ebf18b5e76e3f.exe
Size

39KB
MD5

011ffc61f8371b48479ebf18b5e76e3f
SHA1

3244c5f25883c6b0a7544b6587062284adb7fbb0
SHA256

e9d161bb3e547f2bf4662a42772dcdaae365dce2ff00886098105166ce951a5c
SHA512

9c4c49eef628a567428c1470b20e19c904f7625d6ecb0920877364d988c4d856c2973f1ad36b9dacdbebebaedb174ccbe653ad82d794be0fa6e49958e381b4f5
SSDEEP

768:Kaeun77M232GQjolXqS0sV7C6OL7dAXaLJwKx+76qZUZ0lC7ktxV4E5kL0Dkv5L0:KS7M236PS/E/CK2+e6qOZl7M4EWok+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2192	836	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 2192	836	011ffc61f8371b48479ebf18b5e76e3f.exe	28
PID 836 wrote to memory of 2192	836	011ffc61f8371b48479ebf18b5e76e3f.exe	28
PID 836 wrote to memory of 2192	836	011ffc61f8371b48479ebf18b5e76e3f.exe	28
PID 836 wrote to memory of 2192	836	011ffc61f8371b48479ebf18b5e76e3f.exe	28

C:\Users\Admin\AppData\Local\Temp\011ffc61f8371b48479ebf18b5e76e3f.exe
"C:\Users\Admin\AppData\Local\Temp\011ffc61f8371b48479ebf18b5e76e3f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:836
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 164
  2⤵
  - Program crash
  PID:2192

memory/836-0-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/836-1-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/836-2-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/836-3-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download