cfe48cc70b927b207aee5de66e70cd5d9bd88c242ec2601ddef979fbb9d6bba1

Analysis

max time kernel
122s
max time network
156s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 00:05

Target

451c6d0ff8c6d9f0e898bf727cc28038.exe
Size

171KB
MD5

451c6d0ff8c6d9f0e898bf727cc28038
SHA1

449291b68ce0271ffc5250ca8ab4dd3ca29e6236
SHA256

cfe48cc70b927b207aee5de66e70cd5d9bd88c242ec2601ddef979fbb9d6bba1
SHA512

8a749c6fc4c2dc4d98e30496cb1b21e25b301a6650bccde49ca69c26cf01d921942dba1210799219286ec309f2843f0f8894982a3e901dd400566d3b71b6d7a1
SSDEEP

3072:Dl8doxmi5W2uiQ1lpgEACD2DXtEgQINk5iLoAFzcjlKBXaFIQ:34yuiQ5gEACDwWFIi5KCl4g

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2660	2632	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 2660	2632	451c6d0ff8c6d9f0e898bf727cc28038.exe	29
PID 2632 wrote to memory of 2660	2632	451c6d0ff8c6d9f0e898bf727cc28038.exe	29
PID 2632 wrote to memory of 2660	2632	451c6d0ff8c6d9f0e898bf727cc28038.exe	29
PID 2632 wrote to memory of 2660	2632	451c6d0ff8c6d9f0e898bf727cc28038.exe	29

C:\Users\Admin\AppData\Local\Temp\451c6d0ff8c6d9f0e898bf727cc28038.exe
"C:\Users\Admin\AppData\Local\Temp\451c6d0ff8c6d9f0e898bf727cc28038.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 36
  2⤵
  - Program crash
  PID:2660

memory/2632-0-0x0000000000160000-0x00000000001AE000-memory.dmp

Filesize
312KB

Download