fc22211b503b46b232bec11b1d2bbe5c684d03fe91fc5b5cccda29b6f48c87fe

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 16:14

Target

2c3e9600ff63a5450d63f5597ca8eb02.exe
Size

422KB
MD5

2c3e9600ff63a5450d63f5597ca8eb02
SHA1

8a2bc6a4740851fa3aebe055cfd225674b7a8020
SHA256

fc22211b503b46b232bec11b1d2bbe5c684d03fe91fc5b5cccda29b6f48c87fe
SHA512

889cb5a0c8a1ed916dbba925dfcdc88917606eaa75bef6a778e19fed8ae4db7406753cf72a8f86eb004f362f51187517bc1dd7352557009cd1aade69bb16ad6c
SSDEEP

6144:ykB1INZdWaFzaE7mDGg7Y4+MFyBPys80G5sEOi9Ri9na5UVx3:ykBgdW/E7mDGg8xMkBp80GiZa5UVh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1236	2184	WerFault.exe	6

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 1236	2184	2c3e9600ff63a5450d63f5597ca8eb02.exe	16
PID 2184 wrote to memory of 1236	2184	2c3e9600ff63a5450d63f5597ca8eb02.exe	16
PID 2184 wrote to memory of 1236	2184	2c3e9600ff63a5450d63f5597ca8eb02.exe	16
PID 2184 wrote to memory of 1236	2184	2c3e9600ff63a5450d63f5597ca8eb02.exe	16

C:\Users\Admin\AppData\Local\Temp\2c3e9600ff63a5450d63f5597ca8eb02.exe
"C:\Users\Admin\AppData\Local\Temp\2c3e9600ff63a5450d63f5597ca8eb02.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 116
  2⤵
  - Program crash
  PID:1236

memory/2184-0-0x0000000001200000-0x000000000126E000-memory.dmp

Filesize
440KB

Download