7de741bf490ae9c776ae116c0bb235b635efe13160d5a56ab9fdd3224c7a8879

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 08:18

Target

5f30f5ce573bc0ecce07526f5491d12a.exe
Size

148KB
MD5

5f30f5ce573bc0ecce07526f5491d12a
SHA1

867cd079cff91cbfe6edee28846db48535b13fed
SHA256

7de741bf490ae9c776ae116c0bb235b635efe13160d5a56ab9fdd3224c7a8879
SHA512

45c0b4ccc4b922e74e83b4851aa8eb49cf69abd23d5e80ecfcba1ec3e3dc017f8fcdd3d18c96abf8262c5613e83b0543764d21bddb794ee3690fda7472ed6ebe
SSDEEP

3072:A9neaiHWFheVQ25OgT51n4Y3lxNc7uM92lk71ldjuL:A9neBIhgTX4Y1xov92lk71zjuL

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2768	1032	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 2768	1032	5f30f5ce573bc0ecce07526f5491d12a.exe	14
PID 1032 wrote to memory of 2768	1032	5f30f5ce573bc0ecce07526f5491d12a.exe	14
PID 1032 wrote to memory of 2768	1032	5f30f5ce573bc0ecce07526f5491d12a.exe	14
PID 1032 wrote to memory of 2768	1032	5f30f5ce573bc0ecce07526f5491d12a.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 128
1⤵
- Program crash
PID:2768

C:\Users\Admin\AppData\Local\Temp\5f30f5ce573bc0ecce07526f5491d12a.exe
"C:\Users\Admin\AppData\Local\Temp\5f30f5ce573bc0ecce07526f5491d12a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1032

memory/1032-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1032-4-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1032-3-0x0000000000240000-0x000000000024D000-memory.dmp

Filesize
52KB

Download
memory/1032-1-0x0000000000220000-0x0000000000230000-memory.dmp

Filesize
64KB

Download