74f60df2f4d78a6fd83a9b09bedcebb052143df47939c490410bd04b63473d8b

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 03:49

Target

51b34c6687231e9bb20d4ff1fea64deb.exe
Size

262KB
MD5

51b34c6687231e9bb20d4ff1fea64deb
SHA1

52483cb36d5b61ae178fffece448a9e9328d12c4
SHA256

74f60df2f4d78a6fd83a9b09bedcebb052143df47939c490410bd04b63473d8b
SHA512

9f87ad157f36c4bffc83019ad4ca0eaaf3ac485ca215277128f6274e162c67ce31a4940be2a1e458725b9e25d877c9face467c8a981ec9ce3c6c7dcc127cae1b
SSDEEP

6144:iZW+jCzl9JmUmM8sgpkIhO0yi9zRFI86qJqlgLzh6JFqi2btI95b:WZjC5aHsEkIkgRFvKK4JwZt4b

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1876	1212	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 1876	1212	51b34c6687231e9bb20d4ff1fea64deb.exe	17
PID 1212 wrote to memory of 1876	1212	51b34c6687231e9bb20d4ff1fea64deb.exe	17
PID 1212 wrote to memory of 1876	1212	51b34c6687231e9bb20d4ff1fea64deb.exe	17
PID 1212 wrote to memory of 1876	1212	51b34c6687231e9bb20d4ff1fea64deb.exe	17

C:\Users\Admin\AppData\Local\Temp\51b34c6687231e9bb20d4ff1fea64deb.exe
"C:\Users\Admin\AppData\Local\Temp\51b34c6687231e9bb20d4ff1fea64deb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 44
  2⤵
  - Program crash
  PID:1876