3ece6c42c117484bbdf5bbb99bc6285f468026a7337db092eed74752cdd03f5b

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 14:09

Target

24586dcd9350aa88de37d5c153f417f8.exe
Size

757KB
MD5

24586dcd9350aa88de37d5c153f417f8
SHA1

685d6cbbd84f0ece73ae90ebb2227cd94fb8c0b6
SHA256

3ece6c42c117484bbdf5bbb99bc6285f468026a7337db092eed74752cdd03f5b
SHA512

2650cb9a11258e5964d8dba6c445c65e01307ace631b521cce5840e07d949d4eb31d68a93b0326f19a08f746c75887f21926787eab9b189ad2ee3fc4730b57b1
SSDEEP

12288:nLlFprzTUIiY1kKbxJJvQz0llrb5w37AK6ZRNcA766vuU9yv/:LeI31kKb1vC0Lrlw37AKANcA7vWU9y3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2904	2864	WerFault.exe	13

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 2904	2864	24586dcd9350aa88de37d5c153f417f8.exe	28
PID 2864 wrote to memory of 2904	2864	24586dcd9350aa88de37d5c153f417f8.exe	28
PID 2864 wrote to memory of 2904	2864	24586dcd9350aa88de37d5c153f417f8.exe	28
PID 2864 wrote to memory of 2904	2864	24586dcd9350aa88de37d5c153f417f8.exe	28

C:\Users\Admin\AppData\Local\Temp\24586dcd9350aa88de37d5c153f417f8.exe
"C:\Users\Admin\AppData\Local\Temp\24586dcd9350aa88de37d5c153f417f8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 200
  2⤵
  - Program crash
  PID:2904

memory/2864-0-0x0000000000400000-0x00000000004C4111-memory.dmp

Filesize
784KB

Download
memory/2864-1-0x0000000000400000-0x00000000004C4111-memory.dmp

Filesize
784KB

Download