29b9194274ebf7fc0f94bfdcb8902f17568c248665653b87b67ef55048ce98b5

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 10:48

Target

6891e912c0ed56b007c89a0b80709d0d.exe
Size

45KB
MD5

6891e912c0ed56b007c89a0b80709d0d
SHA1

be9e1e0a3694d97762b08fb55c213b8161f50801
SHA256

29b9194274ebf7fc0f94bfdcb8902f17568c248665653b87b67ef55048ce98b5
SHA512

692d04cc2f500f08d2dc06a5d12e9cf658b6470a0ad56525954fa85d9f97493de79c3001f77fcbf5430862635f597cabde574d6cdf4881b930d8e1f1993652c3
SSDEEP

768:hA2MdvGoZNHLKR3RQMaEU2Dhqk/93u94RevcBujpC/4KLUXAzQ6ysI5U2+JCSr6r:y/tGorKR3aMaEFDhHulvcBudCwKyAHyt

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
1748	1520	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 1748	1520	6891e912c0ed56b007c89a0b80709d0d.exe	14
PID 1520 wrote to memory of 1748	1520	6891e912c0ed56b007c89a0b80709d0d.exe	14
PID 1520 wrote to memory of 1748	1520	6891e912c0ed56b007c89a0b80709d0d.exe	14
PID 1520 wrote to memory of 1748	1520	6891e912c0ed56b007c89a0b80709d0d.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 140
1⤵
- Program crash
PID:1748

C:\Users\Admin\AppData\Local\Temp\6891e912c0ed56b007c89a0b80709d0d.exe
"C:\Users\Admin\AppData\Local\Temp\6891e912c0ed56b007c89a0b80709d0d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1520

memory/1520-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1520-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download