07b3ecb273487880e36954e9dcd42ede26e29782858005788574c89391de83b0

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 10:35

Target

67ae7757a9a205eb0a328e8de6ffcdca.exe
Size

321KB
MD5

67ae7757a9a205eb0a328e8de6ffcdca
SHA1

4b96f1a56c0b4b9d6d35e7edbe000b04ff22c739
SHA256

07b3ecb273487880e36954e9dcd42ede26e29782858005788574c89391de83b0
SHA512

27a4a3b38e84ef82ebeb6df2cd2ea24a3d717a4685f4585030488624d0432fd47c9b8592d505c6d230b64f27ec12b9eb30230d582648fd6d5811f370685d3488
SSDEEP

6144:OTj1OTEKnsub1upoH7td/tQqG56Prd3Z5NBA3r14lJDNIl:OFOoKnsub6oHprG5+3a7STY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2996	2976	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2996	2976	67ae7757a9a205eb0a328e8de6ffcdca.exe	16
PID 2976 wrote to memory of 2996	2976	67ae7757a9a205eb0a328e8de6ffcdca.exe	16
PID 2976 wrote to memory of 2996	2976	67ae7757a9a205eb0a328e8de6ffcdca.exe	16
PID 2976 wrote to memory of 2996	2976	67ae7757a9a205eb0a328e8de6ffcdca.exe	16

C:\Users\Admin\AppData\Local\Temp\67ae7757a9a205eb0a328e8de6ffcdca.exe
"C:\Users\Admin\AppData\Local\Temp\67ae7757a9a205eb0a328e8de6ffcdca.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 116
  2⤵
  - Program crash
  PID:2996

memory/2976-0-0x00000000000A0000-0x00000000000F5000-memory.dmp

Filesize
340KB

Download