140217ff4384c1b8341ce573761be4550ab32e09af482ba6021c9ca60c33751a

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 11:48

Target

6bfcd925f586be6f9fb9cb965c8fb13c.exe
Size

529KB
MD5

6bfcd925f586be6f9fb9cb965c8fb13c
SHA1

9c98795ded1761194d6692bc58cac1594442a519
SHA256

140217ff4384c1b8341ce573761be4550ab32e09af482ba6021c9ca60c33751a
SHA512

9a105ca7931e07d48f86f31b302ad11787f6482140b15238e5aea1e8d7c9fe7591a98cd62704857f1fa9e8df7221457f039bd55d8b50cf75e74d6296ebbe8424
SSDEEP

12288:WQ652sstfrVAFuynA7FD65dIN5sCN9GObU1yitcavD9/Kp+OpSytEUqgnhP/56t:Wn4AFFp/C9U1yi5vx/KVpSaEUBnhPC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2884	2536	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2884	2536	6bfcd925f586be6f9fb9cb965c8fb13c.exe	28
PID 2536 wrote to memory of 2884	2536	6bfcd925f586be6f9fb9cb965c8fb13c.exe	28
PID 2536 wrote to memory of 2884	2536	6bfcd925f586be6f9fb9cb965c8fb13c.exe	28
PID 2536 wrote to memory of 2884	2536	6bfcd925f586be6f9fb9cb965c8fb13c.exe	28

C:\Users\Admin\AppData\Local\Temp\6bfcd925f586be6f9fb9cb965c8fb13c.exe
"C:\Users\Admin\AppData\Local\Temp\6bfcd925f586be6f9fb9cb965c8fb13c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 168
  2⤵
  - Program crash
  PID:2884

memory/2536-0-0x00000000000D0000-0x0000000000156000-memory.dmp

Filesize
536KB

Download