b65806b880de902b5d5b4ecae531be80c71c7afa01a5a929292d9351b823c640

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 06:54

Target

5aeff37372a067472d03c785673a3a6c.exe
Size

45KB
MD5

5aeff37372a067472d03c785673a3a6c
SHA1

17fd57c1cc4abe6acfa6c9590c0859935450f3fc
SHA256

b65806b880de902b5d5b4ecae531be80c71c7afa01a5a929292d9351b823c640
SHA512

7e897ac17328b586872130d3dec3dfd6f0262d886d6ef2b032a4712461d8e88d16ef4f3c5e16f50b9bff7cec59fab2b0db49ad2a5184a41b546bb6cfa33ae402
SSDEEP

768:vzGyrtyyMZX4TLXipSmkm5BBTIIFkwmEXIfQVysrqcJPU3/1H5XS:vKryMZ7S/IzmtdMqhJY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1568	3024	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 1568	3024	5aeff37372a067472d03c785673a3a6c.exe	28
PID 3024 wrote to memory of 1568	3024	5aeff37372a067472d03c785673a3a6c.exe	28
PID 3024 wrote to memory of 1568	3024	5aeff37372a067472d03c785673a3a6c.exe	28
PID 3024 wrote to memory of 1568	3024	5aeff37372a067472d03c785673a3a6c.exe	28

C:\Users\Admin\AppData\Local\Temp\5aeff37372a067472d03c785673a3a6c.exe
"C:\Users\Admin\AppData\Local\Temp\5aeff37372a067472d03c785673a3a6c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 140
  2⤵
  - Program crash
  PID:1568

memory/3024-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3024-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download