660da9eac432a159ac22a05f9f3efd32435c4a164ba2f194a1d796397c1a80fe

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 00:45

Target

1dea2cc143d4f91c1e7406fd4a5e34e9.exe
Size

24KB
MD5

1dea2cc143d4f91c1e7406fd4a5e34e9
SHA1

c9222a8cc91b575238c0b58a92e4040fd880afa3
SHA256

660da9eac432a159ac22a05f9f3efd32435c4a164ba2f194a1d796397c1a80fe
SHA512

0682fe23bb496d9ec2ed8fd30b386901b5f474cbdf89b1be2475c9d6fd643de28a6900e4a610562f246963c98f00a463850217e421b15df3df36b938e22666ff
SSDEEP

768:BHvZKslVpsCI3DI+WBObrmlzyx62gVp6Cvuh0T3fAO:BHR1Mk+WBiilzyxq7vuh0r

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2016	1988	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 2016	1988	1dea2cc143d4f91c1e7406fd4a5e34e9.exe	14
PID 1988 wrote to memory of 2016	1988	1dea2cc143d4f91c1e7406fd4a5e34e9.exe	14
PID 1988 wrote to memory of 2016	1988	1dea2cc143d4f91c1e7406fd4a5e34e9.exe	14
PID 1988 wrote to memory of 2016	1988	1dea2cc143d4f91c1e7406fd4a5e34e9.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 88
1⤵
- Program crash
PID:2016

C:\Users\Admin\AppData\Local\Temp\1dea2cc143d4f91c1e7406fd4a5e34e9.exe
"C:\Users\Admin\AppData\Local\Temp\1dea2cc143d4f91c1e7406fd4a5e34e9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1988

memory/1988-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download