21cb92c86fa693f21abead263a48e59bbe4be914722588ab0fc02ede08b6a349

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 12:59

Target

707130fd7732a1cb3baa275127f4e8e1.exe
Size

321KB
MD5

707130fd7732a1cb3baa275127f4e8e1
SHA1

afef3e0d6a9106192b86f4c9b6a719636f5143b2
SHA256

21cb92c86fa693f21abead263a48e59bbe4be914722588ab0fc02ede08b6a349
SHA512

06209d4c077ba9a74213b31126f78e880d4ee4f32a76211eb03dbc0fa966fe0a5c67215f56e63c0aace019080fd11fcc8f0bd828c8299a16ba539730b5669b3e
SSDEEP

6144:OTj1OTEKnsub1upoH7td/tQqG56Prd3Z5NBA3r14lJDNIl:OFOoKnsub6oHprG5+3a7STY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2172	1320	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 2172	1320	707130fd7732a1cb3baa275127f4e8e1.exe	16
PID 1320 wrote to memory of 2172	1320	707130fd7732a1cb3baa275127f4e8e1.exe	16
PID 1320 wrote to memory of 2172	1320	707130fd7732a1cb3baa275127f4e8e1.exe	16
PID 1320 wrote to memory of 2172	1320	707130fd7732a1cb3baa275127f4e8e1.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 116
1⤵
- Program crash
PID:2172

C:\Users\Admin\AppData\Local\Temp\707130fd7732a1cb3baa275127f4e8e1.exe
"C:\Users\Admin\AppData\Local\Temp\707130fd7732a1cb3baa275127f4e8e1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1320

memory/1320-0-0x0000000001170000-0x00000000011C5000-memory.dmp

Filesize
340KB

Download