33af24ad161e89d61766dc3e5fdc1c1510bc00adfa4757a113f9775bb445684c

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 08:04

Target

10d2b1082211ce610552d8cdfbc3bd07.exe
Size

120KB
MD5

10d2b1082211ce610552d8cdfbc3bd07
SHA1

1047479704eb12e82d4734ac532262c0f9984230
SHA256

33af24ad161e89d61766dc3e5fdc1c1510bc00adfa4757a113f9775bb445684c
SHA512

9c2aaff3047a0f2ff75d83372134ce9aed591a62b58f7c026e5ed7237c4a8fe928c473cb1c8b170a341c31fba384a524d68eccf426165386ad60c40a1d1d392e
SSDEEP

768:JQxkwifBsIqHpcrkMEYEhA7P4RhAtmaZFb79U9MKAjBEig6/1k21m3uHRdMNDj2Y:J8kwilTEhU4HDa1KkjWXUa21mc/Mue9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2508	2164	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2508	2164	10d2b1082211ce610552d8cdfbc3bd07.exe	28
PID 2164 wrote to memory of 2508	2164	10d2b1082211ce610552d8cdfbc3bd07.exe	28
PID 2164 wrote to memory of 2508	2164	10d2b1082211ce610552d8cdfbc3bd07.exe	28
PID 2164 wrote to memory of 2508	2164	10d2b1082211ce610552d8cdfbc3bd07.exe	28

C:\Users\Admin\AppData\Local\Temp\10d2b1082211ce610552d8cdfbc3bd07.exe
"C:\Users\Admin\AppData\Local\Temp\10d2b1082211ce610552d8cdfbc3bd07.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 88
  2⤵
  - Program crash
  PID:2508

memory/2164-0-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2164-1-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download