8fddca1f5c638ce82b8b20dd77cef248474fd4c0c9d60f0d933d5868c154a5ec

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 11:57

Target

6c97c0e3c5ecf8d710f0fcb4c629ab3a.exe
Size

20KB
MD5

6c97c0e3c5ecf8d710f0fcb4c629ab3a
SHA1

182c18c354db7158d6ba8a09e5e544dfa84256d8
SHA256

8fddca1f5c638ce82b8b20dd77cef248474fd4c0c9d60f0d933d5868c154a5ec
SHA512

3a2fe552a65aa397c1dd048a298c198ca060b9162d056b327b0e7a6bf7d4105a76836d2adf70e51791ad9d82ce9ef139c8b3a3e922e749e169dc53eaa449db76
SSDEEP

192:akqPqDjBJciv0svTF7MqoSuOTnIdYT+Sh8Fvap7EF+1:a4HBJB8svTF4qoKnLBQvapf

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1104	1072	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 1104	1072	6c97c0e3c5ecf8d710f0fcb4c629ab3a.exe	24
PID 1072 wrote to memory of 1104	1072	6c97c0e3c5ecf8d710f0fcb4c629ab3a.exe	24
PID 1072 wrote to memory of 1104	1072	6c97c0e3c5ecf8d710f0fcb4c629ab3a.exe	24
PID 1072 wrote to memory of 1104	1072	6c97c0e3c5ecf8d710f0fcb4c629ab3a.exe	24

C:\Users\Admin\AppData\Local\Temp\6c97c0e3c5ecf8d710f0fcb4c629ab3a.exe
"C:\Users\Admin\AppData\Local\Temp\6c97c0e3c5ecf8d710f0fcb4c629ab3a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 88
  2⤵
  - Program crash
  PID:1104