123da5de1bc12b484fa460fa3a4368528220fbc25dd9b68102c824dd130fd1d8

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 01:18

Target

1fe5df6ccc6c78cd31bf64b1d0cdba38.exe
Size

319KB
MD5

1fe5df6ccc6c78cd31bf64b1d0cdba38
SHA1

3e98f81d37259ea14f4b3fe727ea554128a43fe3
SHA256

123da5de1bc12b484fa460fa3a4368528220fbc25dd9b68102c824dd130fd1d8
SHA512

c299ec5975d7ca35ac4dc140acacd4840eb43921c0df564d4a33348280f1d7e7a2c38185396ef7b0778b4c0794840426bee2a73e01239bb67162b2af84125557
SSDEEP

6144:u9qaGKbqKOL4gkmvWcVYUjGlH+DtL1UzjzEr5s3bkQwxiK504NY:usa1bqKOEnmvoKK+D7iU1sksKs

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
3032	2672	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 3032	2672	1fe5df6ccc6c78cd31bf64b1d0cdba38.exe	14
PID 2672 wrote to memory of 3032	2672	1fe5df6ccc6c78cd31bf64b1d0cdba38.exe	14
PID 2672 wrote to memory of 3032	2672	1fe5df6ccc6c78cd31bf64b1d0cdba38.exe	14
PID 2672 wrote to memory of 3032	2672	1fe5df6ccc6c78cd31bf64b1d0cdba38.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 120
1⤵
- Program crash
PID:3032

C:\Users\Admin\AppData\Local\Temp\1fe5df6ccc6c78cd31bf64b1d0cdba38.exe
"C:\Users\Admin\AppData\Local\Temp\1fe5df6ccc6c78cd31bf64b1d0cdba38.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2672

memory/2672-0-0x00000000008A0000-0x00000000008C9000-memory.dmp

Filesize
164KB

Download