ebede3f970df1f7e2cc672d4a438124c1ad087c97eccca9c6d5181f9303b0ebd

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 23:52

Target

44776571085261b9d5ffb76c7ae4257f.exe
Size

367KB
MD5

44776571085261b9d5ffb76c7ae4257f
SHA1

f0b8d8b093ced9c19dbc329e411af2aba1fbb8a4
SHA256

ebede3f970df1f7e2cc672d4a438124c1ad087c97eccca9c6d5181f9303b0ebd
SHA512

a0220c58de764213eadfbaa2ecd3383dd0ceb098c85960b7ec6a694eaaa199bda192a19e3ac580b8336557ee801255912b0d8d4f1fbc200fc4569075ea28c7e6
SSDEEP

6144:rpEcAd/Mm5ZkyUneRTnJOmQ4W4/6zA5K0TzJRCp4xRvKUllD/W13+5B:rTAOm5eyUnJmCzAXTzJR3RvK6lCw5B

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2200	616	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 616 wrote to memory of 2200	616	44776571085261b9d5ffb76c7ae4257f.exe	28
PID 616 wrote to memory of 2200	616	44776571085261b9d5ffb76c7ae4257f.exe	28
PID 616 wrote to memory of 2200	616	44776571085261b9d5ffb76c7ae4257f.exe	28
PID 616 wrote to memory of 2200	616	44776571085261b9d5ffb76c7ae4257f.exe	28

C:\Users\Admin\AppData\Local\Temp\44776571085261b9d5ffb76c7ae4257f.exe
"C:\Users\Admin\AppData\Local\Temp\44776571085261b9d5ffb76c7ae4257f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:616
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 116
  2⤵
  - Program crash
  PID:2200

memory/616-0-0x0000000000DB0000-0x0000000000E10000-memory.dmp

Filesize
384KB

Download