74404c970e1d0b24c74dd22edc2fb326eb938af1f82bbafca7506deb74a75873

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 11:40

Target

1b83e6682e260c8d5e64894f1ef583cf.exe
Size

430KB
MD5

1b83e6682e260c8d5e64894f1ef583cf
SHA1

65e3d23d4d47e6214177f7b3b0fe3c513c111322
SHA256

74404c970e1d0b24c74dd22edc2fb326eb938af1f82bbafca7506deb74a75873
SHA512

29405e5c70e428c321a9503ab7efd03979beca91cef37f9f03a0aa1072006e7a14044e49a2ca1e1077ef0e851cfdf508b14a8b404c98e9e053780ce404384169
SSDEEP

6144:Ulsy4TNbEm1B1zzqaCh9Ju/2x+vw0b8ajNglS2+gUXpP9YC4r:UdwNIm1B1zzqrh9Jf+btwSfgUnBI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
3048	3044	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 3048	3044	1b83e6682e260c8d5e64894f1ef583cf.exe	16
PID 3044 wrote to memory of 3048	3044	1b83e6682e260c8d5e64894f1ef583cf.exe	16
PID 3044 wrote to memory of 3048	3044	1b83e6682e260c8d5e64894f1ef583cf.exe	16
PID 3044 wrote to memory of 3048	3044	1b83e6682e260c8d5e64894f1ef583cf.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 116
1⤵
- Program crash
PID:3048

C:\Users\Admin\AppData\Local\Temp\1b83e6682e260c8d5e64894f1ef583cf.exe
"C:\Users\Admin\AppData\Local\Temp\1b83e6682e260c8d5e64894f1ef583cf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3044

memory/3044-0-0x00000000013B0000-0x0000000001420000-memory.dmp

Filesize
448KB

Download