eb08dd2c975cfa5492b67e98ad542edbaa65c171e8def6a84ff65cef416fef53

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 05:47

Target

09255d78e3daaae8043688b1963f155d.exe
Size

168KB
MD5

09255d78e3daaae8043688b1963f155d
SHA1

a5465cc5cab3291d48854146835bd260e80469c4
SHA256

eb08dd2c975cfa5492b67e98ad542edbaa65c171e8def6a84ff65cef416fef53
SHA512

ef4ca5c4ce69727a223f23a2cdc1efa00a4b08eca696e8474ca0511318263d73acc6eb902bc8985942d8b5a45d5390db69cfb2e1d54ba331d5fc646553b28c50
SSDEEP

3072:VrivnpYpTwF1wzpQzUecBi9ttOZzHUZmXmraF7NNrmg1:VyCV2wzOgB3FHGK+aF7NBJ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2464	1072	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 2464	1072	09255d78e3daaae8043688b1963f155d.exe	26
PID 1072 wrote to memory of 2464	1072	09255d78e3daaae8043688b1963f155d.exe	26
PID 1072 wrote to memory of 2464	1072	09255d78e3daaae8043688b1963f155d.exe	26
PID 1072 wrote to memory of 2464	1072	09255d78e3daaae8043688b1963f155d.exe	26

C:\Users\Admin\AppData\Local\Temp\09255d78e3daaae8043688b1963f155d.exe
"C:\Users\Admin\AppData\Local\Temp\09255d78e3daaae8043688b1963f155d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 168
  2⤵
  - Program crash
  PID:2464

memory/1072-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download