619d9b34e4670403a192cded700042a55093df827186802ebda77c43cde6ae61

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 18:28

Target

3482364bb497c4c34449cd4f5036af69.exe
Size

368KB
MD5

3482364bb497c4c34449cd4f5036af69
SHA1

a90f9c041a9cbee59e2cb31ec48a08e58dfe03d8
SHA256

619d9b34e4670403a192cded700042a55093df827186802ebda77c43cde6ae61
SHA512

7a328e2276da734f5b157a779f11457117939a13dbe3828eaf1a9c8825f8c19b32f75a8be9fa46d508e8bfc40c5c2837d0688cf17871f980e6c669d4e22ca141
SSDEEP

6144:RTAp4naqm5GR/0N4Ftn6vicI8qtQQenKDFujBeqSDgzB8jk3K:R041m5Q/0N4L9xYus1NSD2Cg3K

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2028	3068	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2028	3068	3482364bb497c4c34449cd4f5036af69.exe	14
PID 3068 wrote to memory of 2028	3068	3482364bb497c4c34449cd4f5036af69.exe	14
PID 3068 wrote to memory of 2028	3068	3482364bb497c4c34449cd4f5036af69.exe	14
PID 3068 wrote to memory of 2028	3068	3482364bb497c4c34449cd4f5036af69.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 116
1⤵
- Program crash
PID:2028

C:\Users\Admin\AppData\Local\Temp\3482364bb497c4c34449cd4f5036af69.exe
"C:\Users\Admin\AppData\Local\Temp\3482364bb497c4c34449cd4f5036af69.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3068

memory/3068-0-0x0000000000840000-0x00000000008A0000-memory.dmp

Filesize
384KB

Download