e41211f0b88e4f91144a216f4be0c168b73f17a13ed7be632a30b74b078981e6

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 11:48

Target

6bfc03715e8e626556aab735b86cf043.exe
Size

45KB
MD5

6bfc03715e8e626556aab735b86cf043
SHA1

41cbfce7a94a50a67ca9136f706ba09d503243f7
SHA256

e41211f0b88e4f91144a216f4be0c168b73f17a13ed7be632a30b74b078981e6
SHA512

20a2f75e561122624875ef653f7f194225669367c40d73fd60871426ccc22a433ee0c102e0a7b17e58290a90b317ea2803eb4fe872e6e78b0c97228fde23e987
SSDEEP

768:X0XR5iJsuAN39/HlDnF1UPCHYkqWAct0hAM2/90+NTHqvuFiTijsj:X0B5ii7/H5F1UPIqWAG0hX2F0UTHqvn1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2528	1752	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2528	1752	6bfc03715e8e626556aab735b86cf043.exe	14
PID 1752 wrote to memory of 2528	1752	6bfc03715e8e626556aab735b86cf043.exe	14
PID 1752 wrote to memory of 2528	1752	6bfc03715e8e626556aab735b86cf043.exe	14
PID 1752 wrote to memory of 2528	1752	6bfc03715e8e626556aab735b86cf043.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 36
1⤵
- Program crash
PID:2528

C:\Users\Admin\AppData\Local\Temp\6bfc03715e8e626556aab735b86cf043.exe
"C:\Users\Admin\AppData\Local\Temp\6bfc03715e8e626556aab735b86cf043.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1752

memory/1752-0-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download