a215b6e9b24c9fbb322fc36cfda39e40e6e5c39a29fcfff32317c24626a10a01

Analysis

max time kernel
142s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 21:08

Target

1265f758786cfd7227aaf5f2fd3c8e32.exe
Size

1.3MB
MD5

1265f758786cfd7227aaf5f2fd3c8e32
SHA1

bb9b9fe2ed9235884292653d8547f014f7c02fb9
SHA256

a215b6e9b24c9fbb322fc36cfda39e40e6e5c39a29fcfff32317c24626a10a01
SHA512

bb7a8dae2572b305ae04c4e671f5cbe4151f0a17f186346234de810517fd2726ff4bd375a12ef4b30afac8ecc7b2976e83da391928ef22398c9faf1241024fa7
SSDEEP

24576:jSYsngzw/GPjRuIPQplW/pV2FQ2sTnSeqNVMG3Ex53WeM:jSHnilRuIPQplW/pIS2YTG3EH36

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2024	1228	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 2024	1228	1265f758786cfd7227aaf5f2fd3c8e32.exe	28
PID 1228 wrote to memory of 2024	1228	1265f758786cfd7227aaf5f2fd3c8e32.exe	28
PID 1228 wrote to memory of 2024	1228	1265f758786cfd7227aaf5f2fd3c8e32.exe	28
PID 1228 wrote to memory of 2024	1228	1265f758786cfd7227aaf5f2fd3c8e32.exe	28

C:\Users\Admin\AppData\Local\Temp\1265f758786cfd7227aaf5f2fd3c8e32.exe
"C:\Users\Admin\AppData\Local\Temp\1265f758786cfd7227aaf5f2fd3c8e32.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 128
  2⤵
  - Program crash
  PID:2024

memory/1228-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1228-1-0x0000000000220000-0x0000000000231000-memory.dmp

Filesize
68KB

Download
memory/1228-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1228-3-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1228-4-0x00000000002E0000-0x00000000002F1000-memory.dmp

Filesize
68KB

Download