04c2d8ae7a51d09d5ceec4db7befdf48fc9add235b0f9ac75c42b4356f4b2f2d

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 23:00

Target

41ca83607c44ed1298b7e1a99f24fd7c.exe
Size

375KB
MD5

41ca83607c44ed1298b7e1a99f24fd7c
SHA1

da9dd4c834a4792bde71a3d19fe4e476651d031e
SHA256

04c2d8ae7a51d09d5ceec4db7befdf48fc9add235b0f9ac75c42b4356f4b2f2d
SHA512

7b466fe884d52f2b6f761cbc8240b3a8e772be0c92b0f22b0f93adb1de1bcf383798adad0f41fda26559846ac102b4936f2c44d0820db9a7ab6deb6ea83c8a99
SSDEEP

6144:okI63401hQVD+O2ADoaoej8TX0pwJcq+p1n5Km5SoRHrwHxsKtacbhu:NI300VD+O2kdoej8TX0pIfkKm5XR0Hx0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2220	3060	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2220	3060	41ca83607c44ed1298b7e1a99f24fd7c.exe	28
PID 3060 wrote to memory of 2220	3060	41ca83607c44ed1298b7e1a99f24fd7c.exe	28
PID 3060 wrote to memory of 2220	3060	41ca83607c44ed1298b7e1a99f24fd7c.exe	28
PID 3060 wrote to memory of 2220	3060	41ca83607c44ed1298b7e1a99f24fd7c.exe	28

C:\Users\Admin\AppData\Local\Temp\41ca83607c44ed1298b7e1a99f24fd7c.exe
"C:\Users\Admin\AppData\Local\Temp\41ca83607c44ed1298b7e1a99f24fd7c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 124
  2⤵
  - Program crash
  PID:2220

memory/3060-0-0x0000000000330000-0x0000000000367000-memory.dmp

Filesize
220KB

Download