541055f37141c752c90b2b8bb9f673a26019c64ee9374390d5637f5a8fd341bb

Analysis

max time kernel
159s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 03:19

Target

4fb8e5eef462a3a8483a6691ae376b04.exe
Size

55KB
MD5

4fb8e5eef462a3a8483a6691ae376b04
SHA1

913f53064ab8d41696bcc52fb3e68082a216a0b4
SHA256

541055f37141c752c90b2b8bb9f673a26019c64ee9374390d5637f5a8fd341bb
SHA512

addc68cfff7127f5f343e7eaec75ac29d378490b61171447bc877b3f8decc28869859ae8407f6af7f790b351e37d0f0097c1625581911d1922aa1e8c87995ff4
SSDEEP

1536:mLmCXKTjXCXZICo8TCM0qnDasV/jd+2B22LO2R:KmCX0jXHCosCM0qnD/tJ+kO2R

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2828	2804	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 2828	2804	4fb8e5eef462a3a8483a6691ae376b04.exe	27
PID 2804 wrote to memory of 2828	2804	4fb8e5eef462a3a8483a6691ae376b04.exe	27
PID 2804 wrote to memory of 2828	2804	4fb8e5eef462a3a8483a6691ae376b04.exe	27
PID 2804 wrote to memory of 2828	2804	4fb8e5eef462a3a8483a6691ae376b04.exe	27

C:\Users\Admin\AppData\Local\Temp\4fb8e5eef462a3a8483a6691ae376b04.exe
"C:\Users\Admin\AppData\Local\Temp\4fb8e5eef462a3a8483a6691ae376b04.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 140
  2⤵
  - Program crash
  PID:2828

memory/2804-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2804-1-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download