f13cc74ece0910d62873aa2428ebf2002b2eacb7461a66b09be81055bb798515

Analysis

max time kernel
119s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 06:21

Target

0b3f560a20d8429eee540c3cdaf4cc90.exe
Size

511KB
MD5

0b3f560a20d8429eee540c3cdaf4cc90
SHA1

6e1a407362adcf1329cd3ecde4c6a4c8fe041417
SHA256

f13cc74ece0910d62873aa2428ebf2002b2eacb7461a66b09be81055bb798515
SHA512

131d4a3eac9f818f3156c8ed493d6ae52d2a9e86e147ba5724d91bf93a38e392ad582fef1162f44c6f506f2525e337c666fe14f9763c04b5df44405f6d6e5e3d
SSDEEP

12288:V8NgfPGl5a/vRlVuuG9/T5qZEeF01JynkFlKlIhON9pwGkP5:VIa/vo0ZZ01JyqlKlIQN9pwXP5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1664	2572	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 1664	2572	0b3f560a20d8429eee540c3cdaf4cc90.exe	28
PID 2572 wrote to memory of 1664	2572	0b3f560a20d8429eee540c3cdaf4cc90.exe	28
PID 2572 wrote to memory of 1664	2572	0b3f560a20d8429eee540c3cdaf4cc90.exe	28
PID 2572 wrote to memory of 1664	2572	0b3f560a20d8429eee540c3cdaf4cc90.exe	28

C:\Users\Admin\AppData\Local\Temp\0b3f560a20d8429eee540c3cdaf4cc90.exe
"C:\Users\Admin\AppData\Local\Temp\0b3f560a20d8429eee540c3cdaf4cc90.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 168
  2⤵
  - Program crash
  PID:1664

memory/2572-0-0x0000000000220000-0x00000000002A3000-memory.dmp

Filesize
524KB

Download