8d326ee8c6e3c3e1472b1c2b1fd2fa55751f632b7f833feff3ea3dc73bf188f4

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 08:16

Target

5f132e3ebe3d5818ca18e850c4aeceaf.exe
Size

1.2MB
MD5

5f132e3ebe3d5818ca18e850c4aeceaf
SHA1

520ebe079200127fe9749f6b86b90f79c3bc491f
SHA256

8d326ee8c6e3c3e1472b1c2b1fd2fa55751f632b7f833feff3ea3dc73bf188f4
SHA512

f550323d479fc6c337805698f529b4542f8112045b6546f63673340352821a2f68fd917bf9c4cd42401a078f7c629b7576575197cf7f51d5ed74c1598c617196
SSDEEP

24576:IqdxeOU19wTWoKLAGPP7atIG5AglVLYj5+g2/TJo/gcbLV:ItEKc4rG5AglV8F+//Tq/gcfV

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2600	2000	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2600	2000	5f132e3ebe3d5818ca18e850c4aeceaf.exe	28
PID 2000 wrote to memory of 2600	2000	5f132e3ebe3d5818ca18e850c4aeceaf.exe	28
PID 2000 wrote to memory of 2600	2000	5f132e3ebe3d5818ca18e850c4aeceaf.exe	28
PID 2000 wrote to memory of 2600	2000	5f132e3ebe3d5818ca18e850c4aeceaf.exe	28

C:\Users\Admin\AppData\Local\Temp\5f132e3ebe3d5818ca18e850c4aeceaf.exe
"C:\Users\Admin\AppData\Local\Temp\5f132e3ebe3d5818ca18e850c4aeceaf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 180
  2⤵
  - Program crash
  PID:2600

memory/2000-0-0x0000000001040000-0x000000000116A000-memory.dmp

Filesize
1.2MB

Download