d5c467ebbc0525513ad434bf4db4f7e7358db2e726a5b6c690f309337b73239e

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 08:31

Target

5ffc6c0d0030c06830a397d595de8001.exe
Size

422KB
MD5

5ffc6c0d0030c06830a397d595de8001
SHA1

b648ade8918c3c1f522b515bc88b41a3d8627af8
SHA256

d5c467ebbc0525513ad434bf4db4f7e7358db2e726a5b6c690f309337b73239e
SHA512

7bd105f5cd26a9cf5d4e1b44f357496757759222e4879e6aec906be0ced2f3962368249406ab526a93112929c4710c1870e43a82827142d7be56d157639cd344
SSDEEP

6144:ykB1INZdWaFzaE7mDGg7Y4+MFyBPys80G5sEOi9Ri9na5UVx3:ykBgdW/E7mDGg8xMkBp80GiZa5UVh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
1748	1960	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1748	1960	5ffc6c0d0030c06830a397d595de8001.exe	15
PID 1960 wrote to memory of 1748	1960	5ffc6c0d0030c06830a397d595de8001.exe	15
PID 1960 wrote to memory of 1748	1960	5ffc6c0d0030c06830a397d595de8001.exe	15
PID 1960 wrote to memory of 1748	1960	5ffc6c0d0030c06830a397d595de8001.exe	15

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 116
1⤵
- Program crash
PID:1748

C:\Users\Admin\AppData\Local\Temp\5ffc6c0d0030c06830a397d595de8001.exe
"C:\Users\Admin\AppData\Local\Temp\5ffc6c0d0030c06830a397d595de8001.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1960

memory/1960-0-0x00000000010C0000-0x000000000112E000-memory.dmp

Filesize
440KB

Download