132f47025263e4c0ac8b10c8ccc51dfa9d6c04adae1e5d99e4117cf4221a5228

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 12:15

Target

6daec75a79384ea169e863a843a85597.exe
Size

430KB
MD5

6daec75a79384ea169e863a843a85597
SHA1

af496c2ed214a45ed45917fb02972ee17559a71f
SHA256

132f47025263e4c0ac8b10c8ccc51dfa9d6c04adae1e5d99e4117cf4221a5228
SHA512

33fa0be85b07020f7fb1ef571ecd1ee4102937708e4ef9e06487a9cbfa75b54d6ea01e64e8faacb5c2c66df854bc843f2f592391088bbb3169fac710c2a26e3b
SSDEEP

6144:Ulsy4TNbEm1B1zzqaCh9Ju/2x+vw0b8ajNglS2+gUXpP9YC4r:UdwNIm1B1zzqrh9Jf+btwSfgUnBI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2456	1052	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 2456	1052	6daec75a79384ea169e863a843a85597.exe	28
PID 1052 wrote to memory of 2456	1052	6daec75a79384ea169e863a843a85597.exe	28
PID 1052 wrote to memory of 2456	1052	6daec75a79384ea169e863a843a85597.exe	28
PID 1052 wrote to memory of 2456	1052	6daec75a79384ea169e863a843a85597.exe	28

C:\Users\Admin\AppData\Local\Temp\6daec75a79384ea169e863a843a85597.exe
"C:\Users\Admin\AppData\Local\Temp\6daec75a79384ea169e863a843a85597.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 116
  2⤵
  - Program crash
  PID:2456

memory/1052-0-0x0000000000850000-0x00000000008C0000-memory.dmp

Filesize
448KB

Download