cfe0d15d2951ba2880f059f85469f86f3fde19355da77ddc1ed90d7a4fae1200

Analysis

max time kernel
118s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 19:55

Target

3990e1a7fdb1126250eadb3968ae5b25.exe
Size

48KB
MD5

3990e1a7fdb1126250eadb3968ae5b25
SHA1

bcf2c449fd9866b5883d1b5397e326d8d16f9879
SHA256

cfe0d15d2951ba2880f059f85469f86f3fde19355da77ddc1ed90d7a4fae1200
SHA512

fd840b12f4c034045c6220bc832d11b938b7cd47731a782918e754a785628e6f68a3f811cc34c5d669f5033bfcc5c03290d13a2db8ba6ce6d46b4ba19fc81647
SSDEEP

768:hVzTAI319fmgDbTIpKd9als2OACyCdmRQw5/DITvYmnDcgFpzrl1srZ0:TAufbTIAYOABR5/kTQA5/rl1srZ0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2752	2648	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2752	2648	3990e1a7fdb1126250eadb3968ae5b25.exe	14
PID 2648 wrote to memory of 2752	2648	3990e1a7fdb1126250eadb3968ae5b25.exe	14
PID 2648 wrote to memory of 2752	2648	3990e1a7fdb1126250eadb3968ae5b25.exe	14
PID 2648 wrote to memory of 2752	2648	3990e1a7fdb1126250eadb3968ae5b25.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 120
1⤵
- Program crash
PID:2752

C:\Users\Admin\AppData\Local\Temp\3990e1a7fdb1126250eadb3968ae5b25.exe
"C:\Users\Admin\AppData\Local\Temp\3990e1a7fdb1126250eadb3968ae5b25.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2648

memory/2648-1-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2648-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2648-2-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download