73ed1097854fb3762e123be4fd9303ba4b129a59681321062d91ad2ae7e22f19

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 16:27

Target

2d11c4ae63d1e59a736a324b8d434c5f.exe
Size

14KB
MD5

2d11c4ae63d1e59a736a324b8d434c5f
SHA1

1008eb9dade943b3c4e4e110e0cc16adb25f209b
SHA256

73ed1097854fb3762e123be4fd9303ba4b129a59681321062d91ad2ae7e22f19
SHA512

2c7fc4dba2ebc0ac7e48397102535d5d3d81957ca1fe8f987b9eb323c4d7b36528dab191183ad833473165faaa4f9c3d7311379ec5c7d2ab6865958ec331a4fd
SSDEEP

192:ibX+LBkOUiWhTv7fspslFvPpkwnZFTBL2Rg8QOY7tJdaADZeEmQiP5VVvcHiiR0J:q+U9Tv7ZP3TBiKO4JlQGXDSXz4oF

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2992	2988	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2992	2988	2d11c4ae63d1e59a736a324b8d434c5f.exe	16
PID 2988 wrote to memory of 2992	2988	2d11c4ae63d1e59a736a324b8d434c5f.exe	16
PID 2988 wrote to memory of 2992	2988	2d11c4ae63d1e59a736a324b8d434c5f.exe	16
PID 2988 wrote to memory of 2992	2988	2d11c4ae63d1e59a736a324b8d434c5f.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 36
1⤵
- Program crash
PID:2992

C:\Users\Admin\AppData\Local\Temp\2d11c4ae63d1e59a736a324b8d434c5f.exe
"C:\Users\Admin\AppData\Local\Temp\2d11c4ae63d1e59a736a324b8d434c5f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2988