e333872e8fdfc556e8403f654d0827b5b10c17204c4f256c1ff26924a3289d63

Analysis

max time kernel
141s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 12:19

Target

1dcebc870c9268e41919f9977f75c658.exe
Size

76KB
MD5

1dcebc870c9268e41919f9977f75c658
SHA1

e8cc0f46a3f21d7dbf674cfa86b984e1df12b181
SHA256

e333872e8fdfc556e8403f654d0827b5b10c17204c4f256c1ff26924a3289d63
SHA512

fe123faf201923b128502c467c27ded88929ecdb355dd6f7871a164a186ca43521b79b2a95405ed1f28f37e651ca463f82f4cd8e3335023b10a0b17ee7651aee
SSDEEP

1536:u/ePyXHZ7DA4BfBrmTiXvvvUgbFNCuACP1DIgN:seSHZ7DTBfBrB/UgbFNCuAq2C

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2068	2012	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2068	2012	1dcebc870c9268e41919f9977f75c658.exe	21
PID 2012 wrote to memory of 2068	2012	1dcebc870c9268e41919f9977f75c658.exe	21
PID 2012 wrote to memory of 2068	2012	1dcebc870c9268e41919f9977f75c658.exe	21
PID 2012 wrote to memory of 2068	2012	1dcebc870c9268e41919f9977f75c658.exe	21

C:\Users\Admin\AppData\Local\Temp\1dcebc870c9268e41919f9977f75c658.exe
"C:\Users\Admin\AppData\Local\Temp\1dcebc870c9268e41919f9977f75c658.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 108
  2⤵
  - Program crash
  PID:2068

memory/2012-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2012-1-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download