f010fe785586b75d5fd18040fa13a94fc9f4d8ae62475787459312b8b1146eab

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 01:43

Target

4a2dc460a1dd097e39589457cc1b6c06.exe
Size

26KB
MD5

4a2dc460a1dd097e39589457cc1b6c06
SHA1

ef7ece2b6ab3a2576c40c35a2c199a19d478d20e
SHA256

f010fe785586b75d5fd18040fa13a94fc9f4d8ae62475787459312b8b1146eab
SHA512

08a89e4a78a565c61f949bbf41cd2e9bdd4d7459e0c63a9f21d34af2ad8a91567bacb2c4e307882f6e6dd12d577c4f71bad90e068d789ccb58e4d1d0fe194db4
SSDEEP

384:JlwQ47AQriyW9RqQLkkO56Bce8CEs270kaH9OeJlSBripdrxuXdKISGiNW:Lsiyq1EOEs270XMlgv8Xd/Z

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1604	1372	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1372 wrote to memory of 1604	1372	4a2dc460a1dd097e39589457cc1b6c06.exe	28
PID 1372 wrote to memory of 1604	1372	4a2dc460a1dd097e39589457cc1b6c06.exe	28
PID 1372 wrote to memory of 1604	1372	4a2dc460a1dd097e39589457cc1b6c06.exe	28
PID 1372 wrote to memory of 1604	1372	4a2dc460a1dd097e39589457cc1b6c06.exe	28

C:\Users\Admin\AppData\Local\Temp\4a2dc460a1dd097e39589457cc1b6c06.exe
"C:\Users\Admin\AppData\Local\Temp\4a2dc460a1dd097e39589457cc1b6c06.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 88
  2⤵
  - Program crash
  PID:1604