3e0532a590bb54d9e320f9601c1621df18f58aad2b9c3b7128206f61ea77d628

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 18:14

Target

33a55a6c4d4a3ec92c1a02e0ffaf03a4.exe
Size

643KB
MD5

33a55a6c4d4a3ec92c1a02e0ffaf03a4
SHA1

03f7f52a4cb056ed94c892364b5e84c78de21be2
SHA256

3e0532a590bb54d9e320f9601c1621df18f58aad2b9c3b7128206f61ea77d628
SHA512

a507c43a60cd8d1e23043035bc726b63b21961933c7d88397744c7c548dce1387474d18275b93b6f0ef38c5ba55bfad9bd31b8dd1dff80ddb6e8271a6da49de5
SSDEEP

3072:EHsEI2dmQbOTZNdxiO5+bn09BQh4pB4Oow28bt4wjupoNPs8SQhN310jD:EM+mhQbGu4pB4OTJ4Qupoy+Nl0jD

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1936	1404	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 1936	1404	33a55a6c4d4a3ec92c1a02e0ffaf03a4.exe	16
PID 1404 wrote to memory of 1936	1404	33a55a6c4d4a3ec92c1a02e0ffaf03a4.exe	16
PID 1404 wrote to memory of 1936	1404	33a55a6c4d4a3ec92c1a02e0ffaf03a4.exe	16
PID 1404 wrote to memory of 1936	1404	33a55a6c4d4a3ec92c1a02e0ffaf03a4.exe	16

C:\Users\Admin\AppData\Local\Temp\33a55a6c4d4a3ec92c1a02e0ffaf03a4.exe
"C:\Users\Admin\AppData\Local\Temp\33a55a6c4d4a3ec92c1a02e0ffaf03a4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 132
  2⤵
  - Program crash
  PID:1936

memory/1404-0-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download