5e8600bfc0485ccd649a74864b62c91d82132af1adba0bda8c6882d787c717f7

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 01:50

Target

4a8a67ea993071b55554230c3ce6d422.exe
Size

329KB
MD5

4a8a67ea993071b55554230c3ce6d422
SHA1

07b98ac8e86450f872157d6bd529274818ddda07
SHA256

5e8600bfc0485ccd649a74864b62c91d82132af1adba0bda8c6882d787c717f7
SHA512

3b84c7f5ffa3aced0c6618fbea9d658a492e15f1916583082e9e3715709dfb05659af1e34f3bcee7825876c49b4fdc9ba6b2b3023cac9a80ddadd5d1f031a890
SSDEEP

6144:9NNN+EUQbxcveBwSjsluIpT+6Y79SCvRFT5lRr6E8RwNmRR5Iey:9/cQymBwSjsjpT+6ESCvRx5Hr6E8RwNd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3040	2296	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 3040	2296	4a8a67ea993071b55554230c3ce6d422.exe	28
PID 2296 wrote to memory of 3040	2296	4a8a67ea993071b55554230c3ce6d422.exe	28
PID 2296 wrote to memory of 3040	2296	4a8a67ea993071b55554230c3ce6d422.exe	28
PID 2296 wrote to memory of 3040	2296	4a8a67ea993071b55554230c3ce6d422.exe	28

C:\Users\Admin\AppData\Local\Temp\4a8a67ea993071b55554230c3ce6d422.exe
"C:\Users\Admin\AppData\Local\Temp\4a8a67ea993071b55554230c3ce6d422.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 116
  2⤵
  - Program crash
  PID:3040

memory/2296-0-0x0000000000B50000-0x0000000000BA6000-memory.dmp

Filesize
344KB

Download