b4730d938b0023c78652ae6bec7d9328f30a11b5b262f041ff6883a7ec8e38b2

Analysis

max time kernel
117s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 04:07

Target

52eb4f1ce0f269f5495d0eb008e2877d.exe
Size

367KB
MD5

52eb4f1ce0f269f5495d0eb008e2877d
SHA1

cd65f5ac58652509d87dbf6543180e9f671d942c
SHA256

b4730d938b0023c78652ae6bec7d9328f30a11b5b262f041ff6883a7ec8e38b2
SHA512

89a0bfc116e5bbdb71ecefc6de2754caaefbd077e21828ca78929ade8503322f36e55d6783147e97d2655624aaa20859f8eddc75c35a94601f41e9855af08f4e
SSDEEP

6144:rpEcAd/Mm5ZkyUneRTnJOmQ4W4/6zA5K0TzJRCp4xRvKUllD/W13+W:rTAOm5eyUnJmCzAXTzJR3RvK6lCwW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2744	1384	WerFault.exe	9

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 2744	1384	52eb4f1ce0f269f5495d0eb008e2877d.exe	28
PID 1384 wrote to memory of 2744	1384	52eb4f1ce0f269f5495d0eb008e2877d.exe	28
PID 1384 wrote to memory of 2744	1384	52eb4f1ce0f269f5495d0eb008e2877d.exe	28
PID 1384 wrote to memory of 2744	1384	52eb4f1ce0f269f5495d0eb008e2877d.exe	28

C:\Users\Admin\AppData\Local\Temp\52eb4f1ce0f269f5495d0eb008e2877d.exe
"C:\Users\Admin\AppData\Local\Temp\52eb4f1ce0f269f5495d0eb008e2877d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 116
  2⤵
  - Program crash
  PID:2744

memory/1384-0-0x0000000000360000-0x00000000003C0000-memory.dmp

Filesize
384KB

Download