7b9a5cd33e0212a73c97e02316d07e102f257dc26e2cff2ad58289fe2c4c6777

Analysis

max time kernel
142s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 21:30

Target

3d8855b52a92d4c5bfbe14daf70d457e.exe
Size

347KB
MD5

3d8855b52a92d4c5bfbe14daf70d457e
SHA1

1e311778aa26e73ca4dc8eb708a466fd6ace46b9
SHA256

7b9a5cd33e0212a73c97e02316d07e102f257dc26e2cff2ad58289fe2c4c6777
SHA512

9f6e806f6ba1c35dfb89fb66ac513b2be61e7b09d3589f5855b1f94fe148eb3a31690fa55e717f8b6d62e1d00bd3be7e33452bb541ae65ddf8cd082985734b6c
SSDEEP

6144:KDSbWYjTU2105I5IgnKsbZn5zrj+8VK8nQOZTpkealqsDe5nGGKgvY:WS/jT5i5I59p15z0CTWealyK

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2116	2176	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2116	2176	3d8855b52a92d4c5bfbe14daf70d457e.exe	14
PID 2176 wrote to memory of 2116	2176	3d8855b52a92d4c5bfbe14daf70d457e.exe	14
PID 2176 wrote to memory of 2116	2176	3d8855b52a92d4c5bfbe14daf70d457e.exe	14
PID 2176 wrote to memory of 2116	2176	3d8855b52a92d4c5bfbe14daf70d457e.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 88
1⤵
- Program crash
PID:2116

C:\Users\Admin\AppData\Local\Temp\3d8855b52a92d4c5bfbe14daf70d457e.exe
"C:\Users\Admin\AppData\Local\Temp\3d8855b52a92d4c5bfbe14daf70d457e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176

memory/2176-0-0x0000000000400000-0x00000000004CA000-memory.dmp

Filesize
808KB

Download