dd173aac458f25bf087cb0ebf9368fb03d7afd49f83a1513727c4a89405be485

Analysis

max time kernel
119s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 12:15

Target

6daee0eae1e92bd5360b11717bc1fd39.exe
Size

413KB
MD5

6daee0eae1e92bd5360b11717bc1fd39
SHA1

7ecfda2ef4c47e649a9fe644a3732b76696689bb
SHA256

dd173aac458f25bf087cb0ebf9368fb03d7afd49f83a1513727c4a89405be485
SHA512

ce45cacc127b7e19e72ce547aecab5fd84b9a5cd2d569097f9b4ca00f8ba995978e77cf45aa49ebffd29572567b155d2e5cef4ff2c7cf0e2288b98a4be89ad69
SSDEEP

6144:MYUTSKe45+GWh9dTX2adDWw1Turojl9IFsANJLmfBrS:MFSr45mh9hrl4roZ9IaBrS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2424	2004	WerFault.exe	18

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2424	2004	6daee0eae1e92bd5360b11717bc1fd39.exe	28
PID 2004 wrote to memory of 2424	2004	6daee0eae1e92bd5360b11717bc1fd39.exe	28
PID 2004 wrote to memory of 2424	2004	6daee0eae1e92bd5360b11717bc1fd39.exe	28
PID 2004 wrote to memory of 2424	2004	6daee0eae1e92bd5360b11717bc1fd39.exe	28

C:\Users\Admin\AppData\Local\Temp\6daee0eae1e92bd5360b11717bc1fd39.exe
"C:\Users\Admin\AppData\Local\Temp\6daee0eae1e92bd5360b11717bc1fd39.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 116
  2⤵
  - Program crash
  PID:2424

memory/2004-0-0x0000000000BD0000-0x0000000000C3B000-memory.dmp

Filesize
428KB

Download