45056a206c67445d14e01ee89ee2bdad1219e34006446ee575808d4317851083

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 09:07

Target

6260398e4ba2cc4c530a2f2561ad5e36.exe
Size

1.3MB
MD5

6260398e4ba2cc4c530a2f2561ad5e36
SHA1

4a0919f3a81d01b09ae5ddfc399be8be282840f8
SHA256

45056a206c67445d14e01ee89ee2bdad1219e34006446ee575808d4317851083
SHA512

b6689c47cb98951ebcbbf6d0d5e0c12410bdd8851119983f035115ec38d422bdd73a170293de825104920521e32f7558a1a3c7f6c5f5bc61f84ea6c317da8fbc
SSDEEP

24576:aWpPugjKhz7yFO/qi/NXNfGCjSLmwsNPd3RgIJBV1Ls2wBPUH:5uPhnyFO/jNd+CjS7sNlKIJBV1Ls2wBW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2904	2960	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 2904	2960	6260398e4ba2cc4c530a2f2561ad5e36.exe	28
PID 2960 wrote to memory of 2904	2960	6260398e4ba2cc4c530a2f2561ad5e36.exe	28
PID 2960 wrote to memory of 2904	2960	6260398e4ba2cc4c530a2f2561ad5e36.exe	28
PID 2960 wrote to memory of 2904	2960	6260398e4ba2cc4c530a2f2561ad5e36.exe	28

C:\Users\Admin\AppData\Local\Temp\6260398e4ba2cc4c530a2f2561ad5e36.exe
"C:\Users\Admin\AppData\Local\Temp\6260398e4ba2cc4c530a2f2561ad5e36.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 784
  2⤵
  - Program crash
  PID:2904