7df908a3c85466d427ae5a387249861d3ad89c1927a2dea5317c3f96b442e7e9

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 09:32

Target

6419721cdc0d63e3410cd9cbe4c8b6ad.exe
Size

87KB
MD5

6419721cdc0d63e3410cd9cbe4c8b6ad
SHA1

99c9e59eb13ec4115d4d8d8d92daab5ffb3f05d4
SHA256

7df908a3c85466d427ae5a387249861d3ad89c1927a2dea5317c3f96b442e7e9
SHA512

03a78d51223a83651654b70a123c79655842d789c5dea73606b7956cc2897d006a7729e64d245d9c5f3e6bdf14350f666230c46c2dc0bc0cbf08d4fa56cdfb45
SSDEEP

1536:QpzmeW4KjmlE565dIroMNxChcCi9AlZe6H91oCbszsivbH8:2mPdjt6jcoDhcCiE1Lb2Zb8

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2288	2264	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2288	2264	6419721cdc0d63e3410cd9cbe4c8b6ad.exe	16
PID 2264 wrote to memory of 2288	2264	6419721cdc0d63e3410cd9cbe4c8b6ad.exe	16
PID 2264 wrote to memory of 2288	2264	6419721cdc0d63e3410cd9cbe4c8b6ad.exe	16
PID 2264 wrote to memory of 2288	2264	6419721cdc0d63e3410cd9cbe4c8b6ad.exe	16

C:\Users\Admin\AppData\Local\Temp\6419721cdc0d63e3410cd9cbe4c8b6ad.exe
"C:\Users\Admin\AppData\Local\Temp\6419721cdc0d63e3410cd9cbe4c8b6ad.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 128
  2⤵
  - Program crash
  PID:2288

memory/2264-1-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2264-0-0x0000000000220000-0x0000000000233000-memory.dmp

Filesize
76KB

Download