ddd1adeef078cf51d83c6a7c694f0f45ec932b16c4ebcc59b9eef1d0b8417380

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 22:28

Target

4023b1ed39bf1608d2e4b7a55be890e5.exe
Size

422KB
MD5

4023b1ed39bf1608d2e4b7a55be890e5
SHA1

2cfc53ffbd1181c71e2895d7e6bbe01091bf3663
SHA256

ddd1adeef078cf51d83c6a7c694f0f45ec932b16c4ebcc59b9eef1d0b8417380
SHA512

350cc0cad2c046c4880e3c23e4ac0a52be742fcc2455f2be85140728ccfe8074f0fe93ce10be4d52599f4ec38cb50f60bda1606395e8d37767e24f6bb701bd04
SSDEEP

6144:ykB1INZdWaFzaE7mDGg7Y4+MFyBPys80G5sEOi9Ri9na5UVx3:ykBgdW/E7mDGg8xMkBp80GiZa5UVh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2344	1872	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 2344	1872	4023b1ed39bf1608d2e4b7a55be890e5.exe	28
PID 1872 wrote to memory of 2344	1872	4023b1ed39bf1608d2e4b7a55be890e5.exe	28
PID 1872 wrote to memory of 2344	1872	4023b1ed39bf1608d2e4b7a55be890e5.exe	28
PID 1872 wrote to memory of 2344	1872	4023b1ed39bf1608d2e4b7a55be890e5.exe	28

C:\Users\Admin\AppData\Local\Temp\4023b1ed39bf1608d2e4b7a55be890e5.exe
"C:\Users\Admin\AppData\Local\Temp\4023b1ed39bf1608d2e4b7a55be890e5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 116
  2⤵
  - Program crash
  PID:2344

memory/1872-0-0x0000000000BD0000-0x0000000000C3E000-memory.dmp

Filesize
440KB

Download