e318bf6e6a8de148d9fcef7867fd3e49aa931c0a289fe26ef7477ab04b19fdd9

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 14:04

Target

742f4f5bbca6930beccf3868d830738b.exe
Size

413KB
MD5

742f4f5bbca6930beccf3868d830738b
SHA1

da0666faa57afab414b275d7ce9dc67774d149f4
SHA256

e318bf6e6a8de148d9fcef7867fd3e49aa931c0a289fe26ef7477ab04b19fdd9
SHA512

9d9842940f813c0490f57de3d394bd38038c752cc2d1493d93a09675180cf74941e094cb0728a5df0234b8554d4b8ec4e4ffcd8bbea1e4432a0a5450da1b6047
SSDEEP

6144:MYUTSKe45+GWh9dTX2adDWw1Turojl9IFsANJLmfBrH:MFSr45mh9hrl4roZ9IaBrH

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1984	2256	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 1984	2256	742f4f5bbca6930beccf3868d830738b.exe	15
PID 2256 wrote to memory of 1984	2256	742f4f5bbca6930beccf3868d830738b.exe	15
PID 2256 wrote to memory of 1984	2256	742f4f5bbca6930beccf3868d830738b.exe	15
PID 2256 wrote to memory of 1984	2256	742f4f5bbca6930beccf3868d830738b.exe	15

C:\Users\Admin\AppData\Local\Temp\742f4f5bbca6930beccf3868d830738b.exe
"C:\Users\Admin\AppData\Local\Temp\742f4f5bbca6930beccf3868d830738b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 116
  2⤵
  - Program crash
  PID:1984

memory/2256-0-0x0000000000A00000-0x0000000000A6B000-memory.dmp

Filesize
428KB

Download