2b141e7e57dce6178de212c213f3ac0b584d4eab4d5834b37403b898298e83ee

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 03:16

Target

0267eebb45c0eb913ac27dd1b4b7c2ad.exe
Size

367KB
MD5

0267eebb45c0eb913ac27dd1b4b7c2ad
SHA1

f49541b1b3f84ca2d14a160f6080a883814db2ac
SHA256

2b141e7e57dce6178de212c213f3ac0b584d4eab4d5834b37403b898298e83ee
SHA512

394186eb3aa352603e22930e5d357395032328ede773c363145ec0e33e86c1a35d3b690e0e8522888b13d18936a97a0c688f336951ba08ea4056f214ca56acef
SSDEEP

6144:211rg9/dHIm5gx8ISWIrPTka9ZhuGQT2+LwTdSv+qEMxpASjTnr:2c9/um5i8ISpkcxeAF4xpAST

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2916	3044	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2916	3044	0267eebb45c0eb913ac27dd1b4b7c2ad.exe	28
PID 3044 wrote to memory of 2916	3044	0267eebb45c0eb913ac27dd1b4b7c2ad.exe	28
PID 3044 wrote to memory of 2916	3044	0267eebb45c0eb913ac27dd1b4b7c2ad.exe	28
PID 3044 wrote to memory of 2916	3044	0267eebb45c0eb913ac27dd1b4b7c2ad.exe	28

C:\Users\Admin\AppData\Local\Temp\0267eebb45c0eb913ac27dd1b4b7c2ad.exe
"C:\Users\Admin\AppData\Local\Temp\0267eebb45c0eb913ac27dd1b4b7c2ad.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 116
  2⤵
  - Program crash
  PID:2916

memory/3044-0-0x0000000000F80000-0x0000000000FE0000-memory.dmp

Filesize
384KB

Download