f8c8781b939b8bf8675c0494a9c65c0bb3cc130dea2187a85e61ffa3c320b6cd

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 02:03

Target

4b517c42028fb96a2baddee01c617387.exe
Size

95KB
MD5

4b517c42028fb96a2baddee01c617387
SHA1

9f41039a17ae6c6257fde108ab1b242d1b071d7c
SHA256

f8c8781b939b8bf8675c0494a9c65c0bb3cc130dea2187a85e61ffa3c320b6cd
SHA512

62dfd35ade709bf72ddb6039ce4cfca3b3f90144fd6a12ed6083a2b315d83dfc21d9ae5589b0a0b73c40fc21dcf01d18faacc11dbef6c0645ea8da47f25e0147
SSDEEP

768:D06R0UKzOgnKqGR7//GPc0LOBhvBrHks3IiyhDYQbGmxlNaM+WGa1wuxnzgOYw9Y:BR0vxn3Pc0LCH9MtbvabUDzJYWu3B

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2664	2536	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2664	2536	4b517c42028fb96a2baddee01c617387.exe	16
PID 2536 wrote to memory of 2664	2536	4b517c42028fb96a2baddee01c617387.exe	16
PID 2536 wrote to memory of 2664	2536	4b517c42028fb96a2baddee01c617387.exe	16
PID 2536 wrote to memory of 2664	2536	4b517c42028fb96a2baddee01c617387.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 156
1⤵
- Program crash
PID:2664

C:\Users\Admin\AppData\Local\Temp\4b517c42028fb96a2baddee01c617387.exe
"C:\Users\Admin\AppData\Local\Temp\4b517c42028fb96a2baddee01c617387.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2536

memory/2536-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download