46e31923b64a8036d6916e12b0fab118feb3a93eb05c78855f6443810632a057

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 05:00

Target

067df5ba5851ae83dccd875f285079fb.exe
Size

173KB
MD5

067df5ba5851ae83dccd875f285079fb
SHA1

6975704c21e36c0a0492cde1c62a938146cc6b2b
SHA256

46e31923b64a8036d6916e12b0fab118feb3a93eb05c78855f6443810632a057
SHA512

00efa2435b9340ce1c8c968382f58276071f8491ee12cf129df2e778df7bfd37fda7982b8af761976421a0e32b55518080217db7ec8dfcd15e4eb1b261f3066b
SSDEEP

3072:1pzRNYuluupWyvbOijh7UAoaI52pySvl3nW0CWcscGF8ZHmt4qsUS9:1ZRvupm9UX5WflXW5Wc88wGVUS9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1708	2172	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 1708	2172	067df5ba5851ae83dccd875f285079fb.exe	28
PID 2172 wrote to memory of 1708	2172	067df5ba5851ae83dccd875f285079fb.exe	28
PID 2172 wrote to memory of 1708	2172	067df5ba5851ae83dccd875f285079fb.exe	28
PID 2172 wrote to memory of 1708	2172	067df5ba5851ae83dccd875f285079fb.exe	28

C:\Users\Admin\AppData\Local\Temp\067df5ba5851ae83dccd875f285079fb.exe
"C:\Users\Admin\AppData\Local\Temp\067df5ba5851ae83dccd875f285079fb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 96
  2⤵
  - Program crash
  PID:1708