13ee45d9d172ccc507753cd3e0e6c9a00ae969375241a8849a55c3af66535c6b

Analysis

max time kernel
118s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 09:12

Target

62b19dc6dc60c0ecc0793b9b086ebc3a.exe
Size

378KB
MD5

62b19dc6dc60c0ecc0793b9b086ebc3a
SHA1

5f835da970ef055fda8710c8dfedcdf6801c9c9b
SHA256

13ee45d9d172ccc507753cd3e0e6c9a00ae969375241a8849a55c3af66535c6b
SHA512

6dab48e936791360aa53f5f8e951022da36bb846840f0cc8c1c9a75fd93c309b8c3f54590168e7516c28830d621a8c37e84f9fab11f44ef1f974aba070fef2f4
SSDEEP

6144:dL+1g160s26cSfWfMC04ruqSLaoh7D3w684s/RxFVsV9R5xomCVtB6UZCfVI:dL+1g1LYcHruqSLaohnwJBRHeV73C7U

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1236	3024	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 1236	3024	62b19dc6dc60c0ecc0793b9b086ebc3a.exe	28
PID 3024 wrote to memory of 1236	3024	62b19dc6dc60c0ecc0793b9b086ebc3a.exe	28
PID 3024 wrote to memory of 1236	3024	62b19dc6dc60c0ecc0793b9b086ebc3a.exe	28
PID 3024 wrote to memory of 1236	3024	62b19dc6dc60c0ecc0793b9b086ebc3a.exe	28

C:\Users\Admin\AppData\Local\Temp\62b19dc6dc60c0ecc0793b9b086ebc3a.exe
"C:\Users\Admin\AppData\Local\Temp\62b19dc6dc60c0ecc0793b9b086ebc3a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 36
  2⤵
  - Program crash
  PID:1236

memory/3024-0-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download