649b3e6cdd5ce1d4805cede2243c741d37a4f562c2e0f3572940570a0899c789

Analysis

max time kernel
132s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 19:36

Target

0df8aea5474a2da981d5337188df81f8.exe
Size

57KB
MD5

0df8aea5474a2da981d5337188df81f8
SHA1

ab88af2385fa86b391933bba26fdf9c05ec04a2e
SHA256

649b3e6cdd5ce1d4805cede2243c741d37a4f562c2e0f3572940570a0899c789
SHA512

372ab5df99c43ed3accb93d383007ccfc1bd47f62da47b5c431cde58f1b592b8f8ad4f272c22f401ad6b3d6e0f06a204ca0125957d0ecc04329c650b71cd33ea
SSDEEP

768:Ecn57q8uB7BGdFdN6r95cn57q8uH7BGdFdN6rG:j5GTkd1V5Gtkd1f

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2148	2360	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2148	2360	0df8aea5474a2da981d5337188df81f8.exe	28
PID 2360 wrote to memory of 2148	2360	0df8aea5474a2da981d5337188df81f8.exe	28
PID 2360 wrote to memory of 2148	2360	0df8aea5474a2da981d5337188df81f8.exe	28
PID 2360 wrote to memory of 2148	2360	0df8aea5474a2da981d5337188df81f8.exe	28

C:\Users\Admin\AppData\Local\Temp\0df8aea5474a2da981d5337188df81f8.exe
"C:\Users\Admin\AppData\Local\Temp\0df8aea5474a2da981d5337188df81f8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 208
  2⤵
  - Program crash
  PID:2148

memory/2360-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2360-3-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2360-2-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2360-1-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2360-4-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download