d56c7f2b146747bbcf66e26e4f0be85b9d2848e50a8fddef123791c4f4ad78ca

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 15:26

Target

78c9d9cb8d8152efd1a120ccb4543dd3.exe
Size

512KB
MD5

78c9d9cb8d8152efd1a120ccb4543dd3
SHA1

b7349627acef2f2253102a3d1e550ffee0a9639f
SHA256

d56c7f2b146747bbcf66e26e4f0be85b9d2848e50a8fddef123791c4f4ad78ca
SHA512

1d19367ad0a4ddad775a5e99c1d6a83cded03ce3c9c37562f949ee5454c178215b63bd65f34bfc077c6c8b044df8e0cef288fdcb79bb81dbd4ca83e6265e984e
SSDEEP

6144:sG7VBZZpshiSW8a5TT/EAsGIOFNFbR5o3BNwXGRXUeU0aX2gHnPAXz/JdlElB3A/:vZTshi0aGVfuNF+gHn8z5KB36

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
1708	1984	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 1708	1984	78c9d9cb8d8152efd1a120ccb4543dd3.exe	14
PID 1984 wrote to memory of 1708	1984	78c9d9cb8d8152efd1a120ccb4543dd3.exe	14
PID 1984 wrote to memory of 1708	1984	78c9d9cb8d8152efd1a120ccb4543dd3.exe	14
PID 1984 wrote to memory of 1708	1984	78c9d9cb8d8152efd1a120ccb4543dd3.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 120
1⤵
- Program crash
PID:1708

C:\Users\Admin\AppData\Local\Temp\78c9d9cb8d8152efd1a120ccb4543dd3.exe
"C:\Users\Admin\AppData\Local\Temp\78c9d9cb8d8152efd1a120ccb4543dd3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1984

memory/1984-0-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download