5f29123206709eaff7d5683b9b5d4c798633c59204e43e048c4d3046894084f9

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 19:52

Target

3962931d2917a1ae9263349606948e4f.exe
Size

28KB
MD5

3962931d2917a1ae9263349606948e4f
SHA1

5680c61b8d0772b83cc1e50a8a33059f725d4990
SHA256

5f29123206709eaff7d5683b9b5d4c798633c59204e43e048c4d3046894084f9
SHA512

11d9e8b93b43355633ed426117cf0d7a6042e0fc8bd614e4f5637cc4e8e0f40e6caa40b687c917c4ecdda8b2b073098820f2105ab203d1a2b360fe0aea3df05b
SSDEEP

96:hHFagnj2s7C7q26AgoTfQfa4ho9SfTPW1+X+huw94woltvj5w1UW:hHognis7CBkfa7QC1tww6bvj5weW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2400	2492	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2400	2492	3962931d2917a1ae9263349606948e4f.exe	28
PID 2492 wrote to memory of 2400	2492	3962931d2917a1ae9263349606948e4f.exe	28
PID 2492 wrote to memory of 2400	2492	3962931d2917a1ae9263349606948e4f.exe	28
PID 2492 wrote to memory of 2400	2492	3962931d2917a1ae9263349606948e4f.exe	28

C:\Users\Admin\AppData\Local\Temp\3962931d2917a1ae9263349606948e4f.exe
"C:\Users\Admin\AppData\Local\Temp\3962931d2917a1ae9263349606948e4f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 88
  2⤵
  - Program crash
  PID:2400

memory/2492-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download