73a81f4ecab5fafb0a52cadfc02f801082f5f7982110521a67b59bf12cfbab48

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 13:07

Target

2089b5d9e3a8d4e0edf06e7cd62b2f9b.exe
Size

561KB
MD5

2089b5d9e3a8d4e0edf06e7cd62b2f9b
SHA1

eb02f111009450de4cad4b82083901a81ea6b92a
SHA256

73a81f4ecab5fafb0a52cadfc02f801082f5f7982110521a67b59bf12cfbab48
SHA512

73b8cebe3896228155ba762b851da9025956dc7a330b1cd7b65afe8cfd3f833b18fdeae6bd8dba620a8aafe726bc9fb72ca12209e4b73efddaad46dd50397905
SSDEEP

6144:1LfOOftMC9WWnxfSHXWvzETJqdHmOMVrgcbRIkxfJxndIWq6JF6uJp:1RtMCjfCXWLETJItAFbikVLndIxeTD

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2444	2252	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2444	2252	2089b5d9e3a8d4e0edf06e7cd62b2f9b.exe	16
PID 2252 wrote to memory of 2444	2252	2089b5d9e3a8d4e0edf06e7cd62b2f9b.exe	16
PID 2252 wrote to memory of 2444	2252	2089b5d9e3a8d4e0edf06e7cd62b2f9b.exe	16
PID 2252 wrote to memory of 2444	2252	2089b5d9e3a8d4e0edf06e7cd62b2f9b.exe	16

C:\Users\Admin\AppData\Local\Temp\2089b5d9e3a8d4e0edf06e7cd62b2f9b.exe
"C:\Users\Admin\AppData\Local\Temp\2089b5d9e3a8d4e0edf06e7cd62b2f9b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 96
  2⤵
  - Program crash
  PID:2444

memory/2252-0-0x00000000003B0000-0x0000000000410000-memory.dmp

Filesize
384KB

Download
memory/2252-1-0x00000000003B0000-0x0000000000410000-memory.dmp

Filesize
384KB

Download