5c7d423038da24d48932e764d431c8fd4a43d81befe3c612cd739344c792f5ea

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 06:38

Target

5a1c6412c1d1f907a181605d5337a1b7.exe
Size

1.9MB
MD5

5a1c6412c1d1f907a181605d5337a1b7
SHA1

352b7b5d60e2c062c81a7c2d6ef17b111f2607ff
SHA256

5c7d423038da24d48932e764d431c8fd4a43d81befe3c612cd739344c792f5ea
SHA512

661840ce723cea99cf7acddfd3070777f13d88d4398c6b811254e44b4cac6b86400ef9019af66b83468d543a3e518c6b569480033e7452eb5ea316aff760e53e
SSDEEP

12288:lEXTnt+9AdQwqJnyv5jUSRn0GEBgGxhxgs9zpmPJFUkDAP9Z/u6NnHKzcuZ9Vvex:t7l4iSRiwY62bC0KVP6FCkSjrSUPmUZA

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2092	2976	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2092	2976	5a1c6412c1d1f907a181605d5337a1b7.exe	16
PID 2976 wrote to memory of 2092	2976	5a1c6412c1d1f907a181605d5337a1b7.exe	16
PID 2976 wrote to memory of 2092	2976	5a1c6412c1d1f907a181605d5337a1b7.exe	16
PID 2976 wrote to memory of 2092	2976	5a1c6412c1d1f907a181605d5337a1b7.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 156
1⤵
- Program crash
PID:2092

C:\Users\Admin\AppData\Local\Temp\5a1c6412c1d1f907a181605d5337a1b7.exe
"C:\Users\Admin\AppData\Local\Temp\5a1c6412c1d1f907a181605d5337a1b7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2976

memory/2976-1-0x0000000000400000-0x00000000005EF000-memory.dmp

Filesize
1.9MB

Download