de03a63e851d292410920cd745194c35e100ccceda95bc0e5d2c3859cf5375d3

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 16:29

Target

2d340908d943c1eab8b17cbcf9dea6eb.exe
Size

430KB
MD5

2d340908d943c1eab8b17cbcf9dea6eb
SHA1

fa2c08d57e4cfa7aef3e018c54e5463d3650bbde
SHA256

de03a63e851d292410920cd745194c35e100ccceda95bc0e5d2c3859cf5375d3
SHA512

7b603152e9109878584d615bd824f523cfc3546e3bfba276fa41d472d12bb927c955cd11aee5554870b2b5306052306c3dd0605366006fe5d73ed38dd397555b
SSDEEP

6144:mYbWW2WDmyUUqK5EhEMDMg48Td50WKtNvGRNxw8QUjw:mhWjmyUUqK5j030TyNC8Q5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
1364	1960	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1364	1960	2d340908d943c1eab8b17cbcf9dea6eb.exe	14
PID 1960 wrote to memory of 1364	1960	2d340908d943c1eab8b17cbcf9dea6eb.exe	14
PID 1960 wrote to memory of 1364	1960	2d340908d943c1eab8b17cbcf9dea6eb.exe	14
PID 1960 wrote to memory of 1364	1960	2d340908d943c1eab8b17cbcf9dea6eb.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 116
1⤵
- Program crash
PID:1364

C:\Users\Admin\AppData\Local\Temp\2d340908d943c1eab8b17cbcf9dea6eb.exe
"C:\Users\Admin\AppData\Local\Temp\2d340908d943c1eab8b17cbcf9dea6eb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1960

memory/1960-0-0x0000000000CE0000-0x0000000000D50000-memory.dmp

Filesize
448KB

Download