ecf3460a607660503f3ecbe047ce01ade758eda5097e57ac90508473183517ef

Analysis

max time kernel
122s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 06:48

Target

5ab13230a8c7fda27d2bf21dc8d69206.exe
Size

72KB
MD5

5ab13230a8c7fda27d2bf21dc8d69206
SHA1

888161c184def31726633c0a803d70bb086e014e
SHA256

ecf3460a607660503f3ecbe047ce01ade758eda5097e57ac90508473183517ef
SHA512

dcd2630f087e7690e645b56d6ec12c1a8eb5f2bdd552acc3eb8cc94e81b48564601042e3ebc6dda155ed234bde903028b9836b9561285f72040b9f12223258fe
SSDEEP

768:Ny73T3Ly1l//vOScgDRVVFEMjh9MpvLSsZM+d76HQLM02IU2wM3LD3vfyDMML:NyLcl//WED/HTyLS6Um2M3+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2860	2672	WerFault.exe	11

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2860	2672	5ab13230a8c7fda27d2bf21dc8d69206.exe	28
PID 2672 wrote to memory of 2860	2672	5ab13230a8c7fda27d2bf21dc8d69206.exe	28
PID 2672 wrote to memory of 2860	2672	5ab13230a8c7fda27d2bf21dc8d69206.exe	28
PID 2672 wrote to memory of 2860	2672	5ab13230a8c7fda27d2bf21dc8d69206.exe	28

C:\Users\Admin\AppData\Local\Temp\5ab13230a8c7fda27d2bf21dc8d69206.exe
"C:\Users\Admin\AppData\Local\Temp\5ab13230a8c7fda27d2bf21dc8d69206.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 88
  2⤵
  - Program crash
  PID:2860

memory/2672-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download