3a73c05a57238f797be03508acae65c1ffe984643741e36e304cc09b119beedc

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 11:48

Target

6c00de3fd6803e2816b3a4fd928700d7.exe
Size

172KB
MD5

6c00de3fd6803e2816b3a4fd928700d7
SHA1

c8f7ca9369890bd5f9afaa75f3839cdb1b4fd3b1
SHA256

3a73c05a57238f797be03508acae65c1ffe984643741e36e304cc09b119beedc
SHA512

bf20c8f2b6199afc1b73921b55d9c478677fb89a46c08c7973993e7973ac7d9faaf181aa0b79cf7ff4c5e207fb86960d7a837abb2f234ae54c842388fa05a5ac
SSDEEP

3072:XlRZsAvA6pAp+0nDZSEFUBoRjUpYplyvaGba2VVm+WQpUNsWi:zZy6pAp+0dTmQlypbaAV1WQp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1752	832	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 1752	832	6c00de3fd6803e2816b3a4fd928700d7.exe	28
PID 832 wrote to memory of 1752	832	6c00de3fd6803e2816b3a4fd928700d7.exe	28
PID 832 wrote to memory of 1752	832	6c00de3fd6803e2816b3a4fd928700d7.exe	28
PID 832 wrote to memory of 1752	832	6c00de3fd6803e2816b3a4fd928700d7.exe	28

C:\Users\Admin\AppData\Local\Temp\6c00de3fd6803e2816b3a4fd928700d7.exe
"C:\Users\Admin\AppData\Local\Temp\6c00de3fd6803e2816b3a4fd928700d7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:832
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 164
  2⤵
  - Program crash
  PID:1752

memory/832-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/832-2-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download