e7ad4cce0288361f5ee6d0eeac38d38fc49af3611b218f22b619b111f8d79567

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 04:40

Target

54ee9470c2a9dd6e7c64c000f945a1f7.exe
Size

236KB
MD5

54ee9470c2a9dd6e7c64c000f945a1f7
SHA1

651131e002821cf5546f6079a4c685092ba5fe99
SHA256

e7ad4cce0288361f5ee6d0eeac38d38fc49af3611b218f22b619b111f8d79567
SHA512

5e5064491597b409fb6a39280e317e26e312d2babb1221fdb744a7634fd1dccc3f770af033d2814a3dd4255b562d61e72b1ea0169d5ece4fc63bbb43a0e627e3
SSDEEP

3072:HaX4jKbM+dFGSo/vwF5fzCt7y2VT8hwG3pGeA2uyXBazTEn+S0:HaXVfo/vwF5LsohFA1xtz

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
1836	1852	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 1836	1852	54ee9470c2a9dd6e7c64c000f945a1f7.exe	14
PID 1852 wrote to memory of 1836	1852	54ee9470c2a9dd6e7c64c000f945a1f7.exe	14
PID 1852 wrote to memory of 1836	1852	54ee9470c2a9dd6e7c64c000f945a1f7.exe	14
PID 1852 wrote to memory of 1836	1852	54ee9470c2a9dd6e7c64c000f945a1f7.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 36
1⤵
- Program crash
PID:1836

C:\Users\Admin\AppData\Local\Temp\54ee9470c2a9dd6e7c64c000f945a1f7.exe
"C:\Users\Admin\AppData\Local\Temp\54ee9470c2a9dd6e7c64c000f945a1f7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1852

memory/1852-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download