53c8f5acffc32c92146c90159e07c0070eeb221bcd98346a0e7e787f00f74713

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 21:09

Target

1268ee38d89c1afae80f4a494a0b7779.exe
Size

74KB
MD5

1268ee38d89c1afae80f4a494a0b7779
SHA1

6625a13c38026c7bdd018166b8e96631f0f63224
SHA256

53c8f5acffc32c92146c90159e07c0070eeb221bcd98346a0e7e787f00f74713
SHA512

24d256731ce2761d4f3198cca1576fd6b6958b1b4e6f4a7726020d89eb08e966f460650db57744b076e95fb5baba270fe3493585d8c0d46564bed752b00fd7cd
SSDEEP

768:/Zx9fvq5n0p/tNm2XBwOS5nC6mraP4Z6gTYfsQN5hrt0l/4wsiHoCPHCI7yIYmR:/Zxtm22O62fTYU0t0l5snRJlg

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2396	2668	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2396	2668	1268ee38d89c1afae80f4a494a0b7779.exe	28
PID 2668 wrote to memory of 2396	2668	1268ee38d89c1afae80f4a494a0b7779.exe	28
PID 2668 wrote to memory of 2396	2668	1268ee38d89c1afae80f4a494a0b7779.exe	28
PID 2668 wrote to memory of 2396	2668	1268ee38d89c1afae80f4a494a0b7779.exe	28

C:\Users\Admin\AppData\Local\Temp\1268ee38d89c1afae80f4a494a0b7779.exe
"C:\Users\Admin\AppData\Local\Temp\1268ee38d89c1afae80f4a494a0b7779.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 148
  2⤵
  - Program crash
  PID:2396

memory/2668-0-0x0000000000400000-0x000000000041290A-memory.dmp

Filesize
74KB

Download