118fe9602364ea49727604a2221e48d6f4608411d24a6faf6e99f48d5e704a06

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 02:47

Target

00dc0d1d62a49496e5fff2a6ed66cc56.exe
Size

292KB
MD5

00dc0d1d62a49496e5fff2a6ed66cc56
SHA1

23b7e8c7c9eb61ef6b04e2d8530e98ec5d458ed7
SHA256

118fe9602364ea49727604a2221e48d6f4608411d24a6faf6e99f48d5e704a06
SHA512

933745e2eafaa8397f86be2ba0b7ede9e55cce8eafccde22bdbdd8d8b68e9256635ac70ce5f31e5f5b1c22ae8155049e151222fa94a53f123f1e4a3c2851ebd5
SSDEEP

6144:P0cvFvPXLOGqd4xvqpJhBbyPmlSlDpyRuD0oDyGBGx:TvFvvatYvqDhpQJUYAobGx

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
1936	1404	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 1936	1404	00dc0d1d62a49496e5fff2a6ed66cc56.exe	16
PID 1404 wrote to memory of 1936	1404	00dc0d1d62a49496e5fff2a6ed66cc56.exe	16
PID 1404 wrote to memory of 1936	1404	00dc0d1d62a49496e5fff2a6ed66cc56.exe	16
PID 1404 wrote to memory of 1936	1404	00dc0d1d62a49496e5fff2a6ed66cc56.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 152
1⤵
- Program crash
PID:1936

C:\Users\Admin\AppData\Local\Temp\00dc0d1d62a49496e5fff2a6ed66cc56.exe
"C:\Users\Admin\AppData\Local\Temp\00dc0d1d62a49496e5fff2a6ed66cc56.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1404

memory/1404-0-0x0000000000D20000-0x0000000000D41000-memory.dmp

Filesize
132KB

Download