1b9cf8973551e824bfa3a865216b830056411a0dafb5f901001a03d15fcd5dd7

Analysis

max time kernel
141s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 08:35

Target

12575c0ad20deedeed9280830dcba2b8.exe
Size

504KB
MD5

12575c0ad20deedeed9280830dcba2b8
SHA1

d387e86860fa4333272ca02dc4212f3958dbf352
SHA256

1b9cf8973551e824bfa3a865216b830056411a0dafb5f901001a03d15fcd5dd7
SHA512

a6d8be88e017c4d047eabb97ce406814eb7710197a4889d056d30b7d025150099720a529c26eb35bc91bbf10146426d08a7f9d4e1189c2c40495fdaa4c40f033
SSDEEP

6144:fEgjE3tV3q7ZlVrtv35CPXbo92ynn8sbeWD2/o85/LCSuS5CPXbo92ynnZlVrtvq:pjE9V38HRFbe7w8NL5FHRFbe73

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1756	1064	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1064 wrote to memory of 1756	1064	12575c0ad20deedeed9280830dcba2b8.exe	28
PID 1064 wrote to memory of 1756	1064	12575c0ad20deedeed9280830dcba2b8.exe	28
PID 1064 wrote to memory of 1756	1064	12575c0ad20deedeed9280830dcba2b8.exe	28
PID 1064 wrote to memory of 1756	1064	12575c0ad20deedeed9280830dcba2b8.exe	28

C:\Users\Admin\AppData\Local\Temp\12575c0ad20deedeed9280830dcba2b8.exe
"C:\Users\Admin\AppData\Local\Temp\12575c0ad20deedeed9280830dcba2b8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 140
  2⤵
  - Program crash
  PID:1756

memory/1064-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1064-1-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download