b963eb29118d77f6700eb2ae3347adc2b175a96ce2ff1d228a4a5a8089bf1776

Analysis

max time kernel
142s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 17:24

Target

0861e7c4e229e273229dc3a686d001ca.exe
Size

48KB
MD5

0861e7c4e229e273229dc3a686d001ca
SHA1

25206060e78cab3fdd765dfbfab6020cebf0fe79
SHA256

b963eb29118d77f6700eb2ae3347adc2b175a96ce2ff1d228a4a5a8089bf1776
SHA512

3b63405aa084a4176455ded0d279d5342795fc97fa5cd640c3d5b98cfd0da4d7cd6ee5f47dbee864e527b1682807c9aff5a10081522ef8add9799259c6b8fce4
SSDEEP

768:bWxc3UReX3fiTbOxTUCwMfXyDZmhGnI6T0wd5qZKvQENG/GKqKOhxnjbX:mIURSfI8t1a5nzBjHvJNGOKqd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2004	1320	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 2004	1320	0861e7c4e229e273229dc3a686d001ca.exe	28
PID 1320 wrote to memory of 2004	1320	0861e7c4e229e273229dc3a686d001ca.exe	28
PID 1320 wrote to memory of 2004	1320	0861e7c4e229e273229dc3a686d001ca.exe	28
PID 1320 wrote to memory of 2004	1320	0861e7c4e229e273229dc3a686d001ca.exe	28

C:\Users\Admin\AppData\Local\Temp\0861e7c4e229e273229dc3a686d001ca.exe
"C:\Users\Admin\AppData\Local\Temp\0861e7c4e229e273229dc3a686d001ca.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 172
  2⤵
  - Program crash
  PID:2004

memory/1320-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download