dc9dbe238abc32968bbd2c1208ee22ffc8381850a8a7d20a57d8c657e90e3b39

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 03:12

Target

022d57a40ebb5e1766854c5bac8abd99.exe
Size

165KB
MD5

022d57a40ebb5e1766854c5bac8abd99
SHA1

ed51cd4366c9bce267b027b30e20ce811fdc097b
SHA256

dc9dbe238abc32968bbd2c1208ee22ffc8381850a8a7d20a57d8c657e90e3b39
SHA512

bcac5ebb643ab04d4abf5d9261a4acfedd3c453399dcbbef0c46432117b44690de0597db0ba8cbc6a702aafd76c6831e21be8864bea68335ed898668e09d34c1
SSDEEP

3072:qiHOgk1pHpPZkUjWVzplLGQhWqT8st5iwpYFEea0rN:POgIPZk1VzplLtt8S5dYo0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
1948	2516	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 1948	2516	022d57a40ebb5e1766854c5bac8abd99.exe	14
PID 2516 wrote to memory of 1948	2516	022d57a40ebb5e1766854c5bac8abd99.exe	14
PID 2516 wrote to memory of 1948	2516	022d57a40ebb5e1766854c5bac8abd99.exe	14
PID 2516 wrote to memory of 1948	2516	022d57a40ebb5e1766854c5bac8abd99.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 88
1⤵
- Program crash
PID:1948

C:\Users\Admin\AppData\Local\Temp\022d57a40ebb5e1766854c5bac8abd99.exe
"C:\Users\Admin\AppData\Local\Temp\022d57a40ebb5e1766854c5bac8abd99.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2516

memory/2516-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download