29b38d0fa9fd547e21d489d036c7dd0f44d867b8392145f9814c196b01b076fd

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 19:54

Target

0f11ac2d2651a04818e0fe6ad5e9f96a.exe
Size

75KB
MD5

0f11ac2d2651a04818e0fe6ad5e9f96a
SHA1

b11e8533fd75c53c4c8cc800495725d5a742f2bc
SHA256

29b38d0fa9fd547e21d489d036c7dd0f44d867b8392145f9814c196b01b076fd
SHA512

4fbb9f315ebd73d16a825833c799c0dcdd5a2fc885ef21859d7d9e139dbee1fd1d648c3fd60861899b2fbbb5cd4d24bf8cf53ae959913be41ab0e84eb4934351
SSDEEP

1536:pLrq+nXbwcuY97OgJNCcWtXUOuQoRdbZLcrYd93dVj8My:pfCjgJDWtXUOu//bZ7d3KM

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2920	2156	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2920	2156	0f11ac2d2651a04818e0fe6ad5e9f96a.exe	15
PID 2156 wrote to memory of 2920	2156	0f11ac2d2651a04818e0fe6ad5e9f96a.exe	15
PID 2156 wrote to memory of 2920	2156	0f11ac2d2651a04818e0fe6ad5e9f96a.exe	15
PID 2156 wrote to memory of 2920	2156	0f11ac2d2651a04818e0fe6ad5e9f96a.exe	15

C:\Users\Admin\AppData\Local\Temp\0f11ac2d2651a04818e0fe6ad5e9f96a.exe
"C:\Users\Admin\AppData\Local\Temp\0f11ac2d2651a04818e0fe6ad5e9f96a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 88
  2⤵
  - Program crash
  PID:2920

memory/2156-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2156-1-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download