786e90f7c69acd0f3ee2455c1c238dd27ae9354dbbd2ee6c34340ab988561a07

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 03:18

Target

027b29275f45d53dc57952c82fbebedc.exe
Size

92KB
MD5

027b29275f45d53dc57952c82fbebedc
SHA1

840174e8de57d190ca2813ccdd3b8402153847df
SHA256

786e90f7c69acd0f3ee2455c1c238dd27ae9354dbbd2ee6c34340ab988561a07
SHA512

243490270ae70a7d7ec7ebae255af2e121be1ac5b73b28ff50f08b1681c5a347212a31b67c8abceccebdcbe104f19e7b81f236f5cec04413235b7e692ae4978e
SSDEEP

1536:FkAt653+haDP0k43fhC726WHHVTyZ97kMSEAQsxjs9RFZCYP7:FbfMy7nlyZ979SlQH9r

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1696	1964	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 1696	1964	027b29275f45d53dc57952c82fbebedc.exe	28
PID 1964 wrote to memory of 1696	1964	027b29275f45d53dc57952c82fbebedc.exe	28
PID 1964 wrote to memory of 1696	1964	027b29275f45d53dc57952c82fbebedc.exe	28
PID 1964 wrote to memory of 1696	1964	027b29275f45d53dc57952c82fbebedc.exe	28

C:\Users\Admin\AppData\Local\Temp\027b29275f45d53dc57952c82fbebedc.exe
"C:\Users\Admin\AppData\Local\Temp\027b29275f45d53dc57952c82fbebedc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 88
  2⤵
  - Program crash
  PID:1696

memory/1964-0-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download