da68ed807d03b4bc4d9f7e73abcbd2ee09caa5e31ecf946b1570d4510f9325a8

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 04:37

Target

058cbee71f30102b629a1ff181deff05.exe
Size

430KB
MD5

058cbee71f30102b629a1ff181deff05
SHA1

51f8078f8b8b554ca5908fce4ca121b21472bc0a
SHA256

da68ed807d03b4bc4d9f7e73abcbd2ee09caa5e31ecf946b1570d4510f9325a8
SHA512

548a48a8027f649218203867093d48aea34a71043285a6e01349438a14a1632f2e21c65d9d39599bc81edba125088c0668a362bcdfb80abf27e93cc4dc8a50e4
SSDEEP

6144:Ulsy4TNbEm1B1zzqaCh9Ju/2x+vw0b8ajNglS2+gUXpP9YC4r:UdwNIm1B1zzqrh9Jf+btwSfgUnBI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2088	1772	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 2088	1772	058cbee71f30102b629a1ff181deff05.exe	16
PID 1772 wrote to memory of 2088	1772	058cbee71f30102b629a1ff181deff05.exe	16
PID 1772 wrote to memory of 2088	1772	058cbee71f30102b629a1ff181deff05.exe	16
PID 1772 wrote to memory of 2088	1772	058cbee71f30102b629a1ff181deff05.exe	16

C:\Users\Admin\AppData\Local\Temp\058cbee71f30102b629a1ff181deff05.exe
"C:\Users\Admin\AppData\Local\Temp\058cbee71f30102b629a1ff181deff05.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 116
  2⤵
  - Program crash
  PID:2088

memory/1772-0-0x0000000000CA0000-0x0000000000D10000-memory.dmp

Filesize
448KB

Download