dcd7d7d4601bf4265a4e29ba548323cabfda2cc1c3949ea3b4664f4f0e399aff

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 05:34

Target

578c9a21e209f84ff54e5cd5099a1064.exe
Size

505KB
MD5

578c9a21e209f84ff54e5cd5099a1064
SHA1

1d0c64f45204db46a3d18bbf7e71a21fa3e916c8
SHA256

dcd7d7d4601bf4265a4e29ba548323cabfda2cc1c3949ea3b4664f4f0e399aff
SHA512

7bec8af6e5c240e84fd0ecb619ecc28a6ff7cc74a11b3551b7860e1b0d786dcea2d8047b69523791967c4c275635c68af50a11b415dacd303de653d61873c37a
SSDEEP

12288:je/JAdWuXzeGolTrYKDbRcrrr8uWb3j+q6xGJOp5:jwGdWOeG8TMKDb+rkp/0Gkp5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3032	2988	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 3032	2988	578c9a21e209f84ff54e5cd5099a1064.exe	28
PID 2988 wrote to memory of 3032	2988	578c9a21e209f84ff54e5cd5099a1064.exe	28
PID 2988 wrote to memory of 3032	2988	578c9a21e209f84ff54e5cd5099a1064.exe	28
PID 2988 wrote to memory of 3032	2988	578c9a21e209f84ff54e5cd5099a1064.exe	28

C:\Users\Admin\AppData\Local\Temp\578c9a21e209f84ff54e5cd5099a1064.exe
"C:\Users\Admin\AppData\Local\Temp\578c9a21e209f84ff54e5cd5099a1064.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 204
  2⤵
  - Program crash
  PID:3032

memory/2988-0-0x0000000000400000-0x0000000000565000-memory.dmp

Filesize
1.4MB

Download
memory/2988-1-0x0000000000400000-0x0000000000565000-memory.dmp

Filesize
1.4MB

Download