20c0ee2d234e831de1e916b7afbe8ab28bc123f34d4503d87f42db6aad65bd76

Analysis

max time kernel
119s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 11:04

Target

6974ab71b17ceb46574969d04b1ce2d6.exe
Size

460KB
MD5

6974ab71b17ceb46574969d04b1ce2d6
SHA1

7cc9ac3accdc8632122ade09b1f50bc1248a8db7
SHA256

20c0ee2d234e831de1e916b7afbe8ab28bc123f34d4503d87f42db6aad65bd76
SHA512

7413f177785a96c7957f0be20de629931c6f6e5c00c683d2592b502b578f7553262f357f3d6a4bfed7ed32eeacb0b09b4a1a977dbc05e274477b5fe82967a3e7
SSDEEP

6144:k7eKfgEL4YsBr3ip9SUMeTUlVDZPO9TxOyVLBK3q6gyD:k7eK4M4BBr3ip9SiYBZW8yVQPgy

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2436	1964	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 2436	1964	6974ab71b17ceb46574969d04b1ce2d6.exe	14
PID 1964 wrote to memory of 2436	1964	6974ab71b17ceb46574969d04b1ce2d6.exe	14
PID 1964 wrote to memory of 2436	1964	6974ab71b17ceb46574969d04b1ce2d6.exe	14
PID 1964 wrote to memory of 2436	1964	6974ab71b17ceb46574969d04b1ce2d6.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 204
1⤵
- Program crash
PID:2436

C:\Users\Admin\AppData\Local\Temp\6974ab71b17ceb46574969d04b1ce2d6.exe
"C:\Users\Admin\AppData\Local\Temp\6974ab71b17ceb46574969d04b1ce2d6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1964

memory/1964-0-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1964-1-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download