6285bcedfc756d85af9df13ed73c1ba5f388e73948b7748a79f60ac676ef9ba2

Analysis

max time kernel
119s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 08:22

Target

5f7960f78be58de02100d08232392b05.exe
Size

776KB
MD5

5f7960f78be58de02100d08232392b05
SHA1

d19a7cf89ac71fabd2d831648bd956154fd57dfa
SHA256

6285bcedfc756d85af9df13ed73c1ba5f388e73948b7748a79f60ac676ef9ba2
SHA512

419c8cd2d2bd6e023867cf04c2cc28e23a0b2edcfb640f7fb020c05faafed020080d29c943ace9d575fca245ccd43b73bbdcf66e14f3a76d693129a64ab9f789
SSDEEP

24576:fE6Ehg7mM+M6RkMkIM7tE6Ehm7H6Bp/qVRGu0Hl7:J0g7mM+M6RkMkIM730m7aBcV4bHl7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2272	2916	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2272	2916	5f7960f78be58de02100d08232392b05.exe	27
PID 2916 wrote to memory of 2272	2916	5f7960f78be58de02100d08232392b05.exe	27
PID 2916 wrote to memory of 2272	2916	5f7960f78be58de02100d08232392b05.exe	27
PID 2916 wrote to memory of 2272	2916	5f7960f78be58de02100d08232392b05.exe	27

C:\Users\Admin\AppData\Local\Temp\5f7960f78be58de02100d08232392b05.exe
"C:\Users\Admin\AppData\Local\Temp\5f7960f78be58de02100d08232392b05.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 220
  2⤵
  - Program crash
  PID:2272

memory/2916-0-0x0000000001230000-0x00000000012CC000-memory.dmp

Filesize
624KB

Download