11324406b9e9b78ddfaa2ee99c64831bdf91cbd2d9944a03e047dc99feea3609

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 20:12

Target

3a8ca4a19e233c3b3c6d93d9c039dfc1.exe
Size

377KB
MD5

3a8ca4a19e233c3b3c6d93d9c039dfc1
SHA1

b5dfedf4a7228d348e41c16eef699e284bfe3aab
SHA256

11324406b9e9b78ddfaa2ee99c64831bdf91cbd2d9944a03e047dc99feea3609
SHA512

8882ad382d0a96d3d5286ffa4fb926365a790714e57049a2ed091fb40fb61a25b18d2ec1372646cf1724a5d552841d727da05fd87c810e427b5ae7a32ae58c07
SSDEEP

6144:Q9hVwZWw82XP8cr5ILi0HKY2G6Y7YguZusWo1QbyOa0Qn+s92VGsdmJ47C:Q1wZu2XP7r5IDqY2WUL7GYxTJ4m

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2916	3048	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2916	3048	3a8ca4a19e233c3b3c6d93d9c039dfc1.exe	28
PID 3048 wrote to memory of 2916	3048	3a8ca4a19e233c3b3c6d93d9c039dfc1.exe	28
PID 3048 wrote to memory of 2916	3048	3a8ca4a19e233c3b3c6d93d9c039dfc1.exe	28
PID 3048 wrote to memory of 2916	3048	3a8ca4a19e233c3b3c6d93d9c039dfc1.exe	28

C:\Users\Admin\AppData\Local\Temp\3a8ca4a19e233c3b3c6d93d9c039dfc1.exe
"C:\Users\Admin\AppData\Local\Temp\3a8ca4a19e233c3b3c6d93d9c039dfc1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 152
  2⤵
  - Program crash
  PID:2916

memory/3048-0-0x0000000000FB0000-0x0000000000FE8000-memory.dmp

Filesize
224KB

Download