e75a60f7408093c9bded5fc9fb645548a75c8f8edaaa694730569e0c30e6314f

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 04:52

Target

063b40f58adfce0459b4cc4a10bb562c.exe
Size

279KB
MD5

063b40f58adfce0459b4cc4a10bb562c
SHA1

43238b9a8525ea0e35a1b8bbe7f45acf8e9e69c0
SHA256

e75a60f7408093c9bded5fc9fb645548a75c8f8edaaa694730569e0c30e6314f
SHA512

1e3c78e8771a0976d09ca09b30ae29bdcd2dead05a736e8f87c785f078e03ac7158727c38d7e7778396f40bffee3d3b8c8ed5655973c2c1e1ec682051744d717
SSDEEP

6144:g/21+vceJ0nHrdpgG+8tmVgv2sC0rjak8Rg8RL1Q9yxTF:Wk+vceJ2HfgG+26geCaZmS1Q+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2476	1712	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2476	1712	063b40f58adfce0459b4cc4a10bb562c.exe	28
PID 1712 wrote to memory of 2476	1712	063b40f58adfce0459b4cc4a10bb562c.exe	28
PID 1712 wrote to memory of 2476	1712	063b40f58adfce0459b4cc4a10bb562c.exe	28
PID 1712 wrote to memory of 2476	1712	063b40f58adfce0459b4cc4a10bb562c.exe	28

C:\Users\Admin\AppData\Local\Temp\063b40f58adfce0459b4cc4a10bb562c.exe
"C:\Users\Admin\AppData\Local\Temp\063b40f58adfce0459b4cc4a10bb562c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 200
  2⤵
  - Program crash
  PID:2476

memory/1712-0-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download