40bd0666e533d6a75cc14e8df34e3122f25d6d198acda519d3f32bfe88b68dcf

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 13:18

Target

212d21595f59477ba369e3bf2139d1f8.exe
Size

91KB
MD5

212d21595f59477ba369e3bf2139d1f8
SHA1

eb0eda8e32fbeb23fd4f7f15d541a1726e1f0718
SHA256

40bd0666e533d6a75cc14e8df34e3122f25d6d198acda519d3f32bfe88b68dcf
SHA512

ff9fbf83b6635290e50371fe5ba30535838715b0ddb2ce88aac38ae34c80cc803f89d3eeb3731b398588359819c9e6cdf9087580970d462d53b007a90cd41045
SSDEEP

1536:9sikblh4WLb5oW9FnDH+fApdpTBvHir6aOvJ3zhB1EqcCCmmu2Yo6K:9kblbLdo0DH+fKdp5Hy6a0z6qc7ml1K

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2672	2328	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 2672	2328	212d21595f59477ba369e3bf2139d1f8.exe	28
PID 2328 wrote to memory of 2672	2328	212d21595f59477ba369e3bf2139d1f8.exe	28
PID 2328 wrote to memory of 2672	2328	212d21595f59477ba369e3bf2139d1f8.exe	28
PID 2328 wrote to memory of 2672	2328	212d21595f59477ba369e3bf2139d1f8.exe	28

C:\Users\Admin\AppData\Local\Temp\212d21595f59477ba369e3bf2139d1f8.exe
"C:\Users\Admin\AppData\Local\Temp\212d21595f59477ba369e3bf2139d1f8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 140
  2⤵
  - Program crash
  PID:2672

memory/2328-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2328-1-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download