c26744705507c284cc40b0fad41d4a751b859f4e45ff366a57cb03f32613e430

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 06:44

Target

5a7fc6f1259a278a92015f35fdb0addc.exe
Size

391KB
MD5

5a7fc6f1259a278a92015f35fdb0addc
SHA1

2c6ccda5ed6155fb3fff20ef2662d0eda717b959
SHA256

c26744705507c284cc40b0fad41d4a751b859f4e45ff366a57cb03f32613e430
SHA512

f2a8915e1225833192a340dc746fa091ef257120d05725c866fbcdf601a2cca08165477d4f75be5f5f1884b9dfbba52161a37b5c9a4cf11140289104de8cf696
SSDEEP

6144:T1hKi6StM9w1olH4Ox/jNRcOpFkAdxAhkoVu3fmR650MQoVr63x:Tqi6UO40jrcMFkyxVau3f91QE6h

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2208	1220	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 2208	1220	5a7fc6f1259a278a92015f35fdb0addc.exe	28
PID 1220 wrote to memory of 2208	1220	5a7fc6f1259a278a92015f35fdb0addc.exe	28
PID 1220 wrote to memory of 2208	1220	5a7fc6f1259a278a92015f35fdb0addc.exe	28
PID 1220 wrote to memory of 2208	1220	5a7fc6f1259a278a92015f35fdb0addc.exe	28

C:\Users\Admin\AppData\Local\Temp\5a7fc6f1259a278a92015f35fdb0addc.exe
"C:\Users\Admin\AppData\Local\Temp\5a7fc6f1259a278a92015f35fdb0addc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 88
  2⤵
  - Program crash
  PID:2208

memory/1220-0-0x00000000002A0000-0x00000000002A9000-memory.dmp

Filesize
36KB

Download