15957a80a3cbf97738578bad6e83cca8a9038a143e04c0ce2c6cf514cdb37c08

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 20:34

Target

113aaaebf9bf2f2988ae6bfca4d06ab2.exe
Size

422KB
MD5

113aaaebf9bf2f2988ae6bfca4d06ab2
SHA1

d9955493bbc0b3ac1fa91ff6fe269f5c682e9f5b
SHA256

15957a80a3cbf97738578bad6e83cca8a9038a143e04c0ce2c6cf514cdb37c08
SHA512

8592bfca825b7f08c906ce368320db3cc3fc41bde33e60f15ddb4385694df7ef2c83ce677799364fc9b75a4225653944df21d02ecaed5da9c0d9ce068d42bed8
SSDEEP

6144:ykB1INZdWaFzaE7mDGg7Y4+MFyBPys80G5sEOi9Ri9na5UVx3:ykBgdW/E7mDGg8xMkBp80GiZa5UVh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2316	2984	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 2316	2984	113aaaebf9bf2f2988ae6bfca4d06ab2.exe	28
PID 2984 wrote to memory of 2316	2984	113aaaebf9bf2f2988ae6bfca4d06ab2.exe	28
PID 2984 wrote to memory of 2316	2984	113aaaebf9bf2f2988ae6bfca4d06ab2.exe	28
PID 2984 wrote to memory of 2316	2984	113aaaebf9bf2f2988ae6bfca4d06ab2.exe	28

C:\Users\Admin\AppData\Local\Temp\113aaaebf9bf2f2988ae6bfca4d06ab2.exe
"C:\Users\Admin\AppData\Local\Temp\113aaaebf9bf2f2988ae6bfca4d06ab2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 116
  2⤵
  - Program crash
  PID:2316

memory/2984-0-0x0000000000080000-0x00000000000EE000-memory.dmp

Filesize
440KB

Download