6deffc09f610edf35774ee0bc6225b415d89b7868f7141b05f0ee755ba4916ea

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 17:08

Target

078023586273db5d7c573650bd07c59b.exe
Size

74KB
MD5

078023586273db5d7c573650bd07c59b
SHA1

dde9e9cdbf3cbdcd3e0f29cc9cc3ee77232bcc18
SHA256

6deffc09f610edf35774ee0bc6225b415d89b7868f7141b05f0ee755ba4916ea
SHA512

7153f9b2edc51c6d31ee2b0c26e45fba65b611c9dea3c5398aec6b97eaab7a5c7aa56ce55e7ee13977ffd358560536a8641877fe6a513f80e59321f10c1cc8ba
SSDEEP

768:/Zx9fvq5n0p/tNm2XBwOS5nC6mraP4Z6gTYfsQN5hrt0l/4wsiHoCPHCI7yIYm8:/Zxtm22O62fTYU0t0l5snRJlT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
3060	816	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 3060	816	078023586273db5d7c573650bd07c59b.exe	16
PID 816 wrote to memory of 3060	816	078023586273db5d7c573650bd07c59b.exe	16
PID 816 wrote to memory of 3060	816	078023586273db5d7c573650bd07c59b.exe	16
PID 816 wrote to memory of 3060	816	078023586273db5d7c573650bd07c59b.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 148
1⤵
- Program crash
PID:3060

C:\Users\Admin\AppData\Local\Temp\078023586273db5d7c573650bd07c59b.exe
"C:\Users\Admin\AppData\Local\Temp\078023586273db5d7c573650bd07c59b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:816

memory/816-0-0x0000000000400000-0x000000000041290A-memory.dmp

Filesize
74KB

Download