91875e11e8092f793d8a865db06c57fa502d4e0c118260f04ed0ca33f0d10338

Analysis

max time kernel
169s
max time network
150s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 21:01

Target

3c9b59f2a1120edd8bf23fdf31ba190f.exe
Size

5.8MB
MD5

3c9b59f2a1120edd8bf23fdf31ba190f
SHA1

2147b9841d88993a1400f2656ac007b3d670a25f
SHA256

91875e11e8092f793d8a865db06c57fa502d4e0c118260f04ed0ca33f0d10338
SHA512

432dec7a2c6b713ec588cd038cf66b7ae73750c1b8df7274991b818ea0c15fab3cf2f777b63f2152d57c64e3b77f8bee71018f5a27cf5996a9e2ec5605ee1d32
SSDEEP

98304:RRma+F7nY1tp40mMlQ7dNxE39DmKsBpJVHKEOiMcgN:CPF7YxPmLdXID7s/bvW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2712	2796	WerFault.exe	28

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 2712	2796	3c9b59f2a1120edd8bf23fdf31ba190f.exe	29
PID 2796 wrote to memory of 2712	2796	3c9b59f2a1120edd8bf23fdf31ba190f.exe	29
PID 2796 wrote to memory of 2712	2796	3c9b59f2a1120edd8bf23fdf31ba190f.exe	29
PID 2796 wrote to memory of 2712	2796	3c9b59f2a1120edd8bf23fdf31ba190f.exe	29

C:\Users\Admin\AppData\Local\Temp\3c9b59f2a1120edd8bf23fdf31ba190f.exe
"C:\Users\Admin\AppData\Local\Temp\3c9b59f2a1120edd8bf23fdf31ba190f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 92
  2⤵
  - Program crash
  PID:2712

memory/2796-0-0x0000000000400000-0x0000000000FAD000-memory.dmp

Filesize
11.7MB

Download