2a4f7999ca93e79de592957a5f4c66f085f3f9084bf4558b1766e05b30e26d35

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 21:26

Target

3d677ae8acab474b368f2115ec790fc8.exe
Size

22KB
MD5

3d677ae8acab474b368f2115ec790fc8
SHA1

0a0958101736eb5058ec2aaf557f3112ae5bd3cd
SHA256

2a4f7999ca93e79de592957a5f4c66f085f3f9084bf4558b1766e05b30e26d35
SHA512

024ae7258fbe98c60aa362568515b4da0c19ba35b331da773e0c6c76f643bc0e7884a4114df18cabc44cfd70c4474e177798927355b499bff9149a9d0f3d4ae9
SSDEEP

384:bdGB2vDTHD1wufcla3S8HIYnwqgHKchIJngs2mr8MocK8++THd0WEEzvvPFE:gB2PD1g2S2EqEIJngs2mGcK8++T9Pvvi

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2396	2404	WerFault.exe	2

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2396	2404	3d677ae8acab474b368f2115ec790fc8.exe	28
PID 2404 wrote to memory of 2396	2404	3d677ae8acab474b368f2115ec790fc8.exe	28
PID 2404 wrote to memory of 2396	2404	3d677ae8acab474b368f2115ec790fc8.exe	28
PID 2404 wrote to memory of 2396	2404	3d677ae8acab474b368f2115ec790fc8.exe	28

C:\Users\Admin\AppData\Local\Temp\3d677ae8acab474b368f2115ec790fc8.exe
"C:\Users\Admin\AppData\Local\Temp\3d677ae8acab474b368f2115ec790fc8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 88
  2⤵
  - Program crash
  PID:2396

memory/2404-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2404-1-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download