0eee685adab5597f680adb4235c324c7dee8b516125442ef786a9e1cbc9d5117

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 20:22

Target

1096f8e79b920186887cde5010d7e1b2.exe
Size

55KB
MD5

1096f8e79b920186887cde5010d7e1b2
SHA1

941f0187692a5be4778b723f3cb3661633bd8e6c
SHA256

0eee685adab5597f680adb4235c324c7dee8b516125442ef786a9e1cbc9d5117
SHA512

c6b4aaed0720845afb051555a810e7d84bc20bf65c74f9fd628caba086b5097a5d3890b59d2dcdbf157733fd9589d2b1dc369f779199244bbc480f1f4119cd1b
SSDEEP

768:eMQb8Nnzd8pjnphs45DAUyEoNPfd4BZN9pi0WWFtSe4bXc+2p/1H5yXdnh:bajphsg5XNXX34bM+2L+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3052	2140	WerFault.exe	13

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 3052	2140	1096f8e79b920186887cde5010d7e1b2.exe	17
PID 2140 wrote to memory of 3052	2140	1096f8e79b920186887cde5010d7e1b2.exe	17
PID 2140 wrote to memory of 3052	2140	1096f8e79b920186887cde5010d7e1b2.exe	17
PID 2140 wrote to memory of 3052	2140	1096f8e79b920186887cde5010d7e1b2.exe	17

C:\Users\Admin\AppData\Local\Temp\1096f8e79b920186887cde5010d7e1b2.exe
"C:\Users\Admin\AppData\Local\Temp\1096f8e79b920186887cde5010d7e1b2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 140
  2⤵
  - Program crash
  PID:3052

memory/2140-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2140-1-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download