c268e08d14a8aa93f8b11eeea2a19826380a11b3995f884505e33f0e8b3f26ab

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 03:31

Target

5088329bec1c36b84c133db1a95f9fc1.exe
Size

42KB
MD5

5088329bec1c36b84c133db1a95f9fc1
SHA1

7a941d7bec464ce0257fb3dc8c816ec3c0cdef61
SHA256

c268e08d14a8aa93f8b11eeea2a19826380a11b3995f884505e33f0e8b3f26ab
SHA512

e89e081637629a7cc09dedb135e0f40f474a6bd005b377baa175d4af04d2552a1aae5c58b9e8ccb001fb3bcd29146751d28338e0bd3e8c8d8cfe694501976565
SSDEEP

384:tTVO1OOMqebu0x2DdXJPxthf74mD+DhWih4QjS/MXF3bz911O74ZjxYctYy0Q:tUEbu0x25thUgsWKjmMh5DZlYcW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1048	1700	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 1048	1700	5088329bec1c36b84c133db1a95f9fc1.exe	28
PID 1700 wrote to memory of 1048	1700	5088329bec1c36b84c133db1a95f9fc1.exe	28
PID 1700 wrote to memory of 1048	1700	5088329bec1c36b84c133db1a95f9fc1.exe	28
PID 1700 wrote to memory of 1048	1700	5088329bec1c36b84c133db1a95f9fc1.exe	28

C:\Users\Admin\AppData\Local\Temp\5088329bec1c36b84c133db1a95f9fc1.exe
"C:\Users\Admin\AppData\Local\Temp\5088329bec1c36b84c133db1a95f9fc1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 88
  2⤵
  - Program crash
  PID:1048