62c38bfa0bb011e449d6b8bd62bfe1d510e5e473de8ddcc6c3b3bb136c6f21c6

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 19:47

Target

392061d835451bcfc8a9869aaa7481e3.exe
Size

104KB
MD5

392061d835451bcfc8a9869aaa7481e3
SHA1

1154691ca43d1ddb360038ab7740add21a3812d0
SHA256

62c38bfa0bb011e449d6b8bd62bfe1d510e5e473de8ddcc6c3b3bb136c6f21c6
SHA512

33b88891cb322b53c878ab4e775c569c527589ee509e6959dd829a7877930ef203d1dc045bb96d4fb697de4a4cf109c51c3a651ad03003f32ca316f6dd0ac07e
SSDEEP

1536:Ri1iUk2Va0vwZzRXk1OJjV5OcI/j6/ju2yjEoXJKXX0JSkRxWMSC7jGN0Wf:RYdkMa8usOxTBI/j6/aBI8uiSiZjGqWf

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
1020	1936	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 1020	1936	392061d835451bcfc8a9869aaa7481e3.exe	14
PID 1936 wrote to memory of 1020	1936	392061d835451bcfc8a9869aaa7481e3.exe	14
PID 1936 wrote to memory of 1020	1936	392061d835451bcfc8a9869aaa7481e3.exe	14
PID 1936 wrote to memory of 1020	1936	392061d835451bcfc8a9869aaa7481e3.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 164
1⤵
- Program crash
PID:1020

C:\Users\Admin\AppData\Local\Temp\392061d835451bcfc8a9869aaa7481e3.exe
"C:\Users\Admin\AppData\Local\Temp\392061d835451bcfc8a9869aaa7481e3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1936

memory/1936-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download