bae7011913851aa805c5989d73eef7804bfe3bd02b08e8ef5b720b4d2a89506e

Analysis

max time kernel
121s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 05:19

Target

077b014d56c06b3819727b88719256bd.exe
Size

368KB
MD5

077b014d56c06b3819727b88719256bd
SHA1

31591f9d7bd76e9b82a7ee90b9b54809415ffb33
SHA256

bae7011913851aa805c5989d73eef7804bfe3bd02b08e8ef5b720b4d2a89506e
SHA512

f85a6fc1019694a92f04fb6e83e3eb6229088481c35c622270723c3e2aa8bab4adc722371562be99a374e20bef0f0d510ce4329f76ef2acc11d0e2851cbe274f
SSDEEP

6144:RTAp4naqm5GR/0N4Ftn6vicI8qtQQenKDFujBeqSDgzB8jk3T:R041m5Q/0N4L9xYus1NSD2Cg3T

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2808	2608	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 2808	2608	077b014d56c06b3819727b88719256bd.exe	15
PID 2608 wrote to memory of 2808	2608	077b014d56c06b3819727b88719256bd.exe	15
PID 2608 wrote to memory of 2808	2608	077b014d56c06b3819727b88719256bd.exe	15
PID 2608 wrote to memory of 2808	2608	077b014d56c06b3819727b88719256bd.exe	15

C:\Users\Admin\AppData\Local\Temp\077b014d56c06b3819727b88719256bd.exe
"C:\Users\Admin\AppData\Local\Temp\077b014d56c06b3819727b88719256bd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 116
  2⤵
  - Program crash
  PID:2808

memory/2608-0-0x0000000000FA0000-0x0000000001000000-memory.dmp

Filesize
384KB

Download