1107e657da36c52a7cae4e72cdc08f6dcf0f009555a9c179b489f821b6e8b1bd

Analysis

max time kernel
122s
max time network
158s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 23:28

Target

433ee7a9e8599de7ccf4dcc20797b4f8.exe
Size

515KB
MD5

433ee7a9e8599de7ccf4dcc20797b4f8
SHA1

8e0e547e684608c6d876f71fb033d6029802302a
SHA256

1107e657da36c52a7cae4e72cdc08f6dcf0f009555a9c179b489f821b6e8b1bd
SHA512

f1c4fd6833f609c497efcc4d8083809caa7792b59464380f9bf7ac62baffb114505965c6d21752533eec470c979805a09c5fb74be98bbfcc3e1d42dfcaf3e09d
SSDEEP

12288:oNlQN66w1RC39vTNig1UD4I3fC6hYY8DrkHjlLycwXQcRBhBbe0j:o0Qg91eBhYWHjlPwXQQ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2992	2820	WerFault.exe	24

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2992	2820	433ee7a9e8599de7ccf4dcc20797b4f8.exe	30
PID 2820 wrote to memory of 2992	2820	433ee7a9e8599de7ccf4dcc20797b4f8.exe	30
PID 2820 wrote to memory of 2992	2820	433ee7a9e8599de7ccf4dcc20797b4f8.exe	30
PID 2820 wrote to memory of 2992	2820	433ee7a9e8599de7ccf4dcc20797b4f8.exe	30

C:\Users\Admin\AppData\Local\Temp\433ee7a9e8599de7ccf4dcc20797b4f8.exe
"C:\Users\Admin\AppData\Local\Temp\433ee7a9e8599de7ccf4dcc20797b4f8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 196
  2⤵
  - Program crash
  PID:2992

memory/2820-0-0x0000000000300000-0x000000000042B000-memory.dmp

Filesize
1.2MB

Download
memory/2820-1-0x0000000000300000-0x000000000042B000-memory.dmp

Filesize
1.2MB

Download