1df9f239f4e1a6407d4dbb7f37936fad514283208da2824ffb589a6ecef04e2d

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 14:11

Target

74a1985708bb4d18241a10804df3b4c0.exe
Size

422KB
MD5

74a1985708bb4d18241a10804df3b4c0
SHA1

09042ac8c6c52f553114ebf472ce4a17997346b1
SHA256

1df9f239f4e1a6407d4dbb7f37936fad514283208da2824ffb589a6ecef04e2d
SHA512

a4d9daa41e00536b90f1715c010b3d3e804a8609e00ac9166dc97ceee9335c1acd7cb70c8c97c2aa2cffb6afbe916babf4f8e6175909cfc930f6a8a4a362452b
SSDEEP

6144:ykB1INZdWaFzaE7mDGg7Y4+MFyBPys80G5sEOi9Ri9na5UVx3:ykBgdW/E7mDGg8xMkBp80GiZa5UVh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2180	2332	WerFault.exe	10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2180	2332	74a1985708bb4d18241a10804df3b4c0.exe	28
PID 2332 wrote to memory of 2180	2332	74a1985708bb4d18241a10804df3b4c0.exe	28
PID 2332 wrote to memory of 2180	2332	74a1985708bb4d18241a10804df3b4c0.exe	28
PID 2332 wrote to memory of 2180	2332	74a1985708bb4d18241a10804df3b4c0.exe	28

C:\Users\Admin\AppData\Local\Temp\74a1985708bb4d18241a10804df3b4c0.exe
"C:\Users\Admin\AppData\Local\Temp\74a1985708bb4d18241a10804df3b4c0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 116
  2⤵
  - Program crash
  PID:2180

memory/2332-0-0x0000000001070000-0x00000000010DE000-memory.dmp

Filesize
440KB

Download