8e6289828be7f88ac65c10d29791ac4060c24695d9df590160c52c80ce628848

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 15:28

Target

78f131a325a036e7856c76c0ab104d7b.exe
Size

581KB
MD5

78f131a325a036e7856c76c0ab104d7b
SHA1

a78e7790fe2a7bf761a265b50279eadbbf302b08
SHA256

8e6289828be7f88ac65c10d29791ac4060c24695d9df590160c52c80ce628848
SHA512

1a54e128b8fa38c508345afb356b5abe4f5cfdf1ebb34b7e26f985d8f761ca0bfec105fc9bc0cdf61c35e0facbeb15ad009a910484135dbc57d5f6b26ff06b9a
SSDEEP

12288:VDxFBwE0GNLVk/Q1JLw9OPycUEl34X6nOGCFD8PJZjNACgSWoCt1GxVli+lO92bF:VrBwEJNLVk/e24C4Y6CnGx++la2wojPh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2592	1252	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2592	1252	78f131a325a036e7856c76c0ab104d7b.exe	28
PID 1252 wrote to memory of 2592	1252	78f131a325a036e7856c76c0ab104d7b.exe	28
PID 1252 wrote to memory of 2592	1252	78f131a325a036e7856c76c0ab104d7b.exe	28
PID 1252 wrote to memory of 2592	1252	78f131a325a036e7856c76c0ab104d7b.exe	28

C:\Users\Admin\AppData\Local\Temp\78f131a325a036e7856c76c0ab104d7b.exe
"C:\Users\Admin\AppData\Local\Temp\78f131a325a036e7856c76c0ab104d7b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 168
  2⤵
  - Program crash
  PID:2592

memory/1252-0-0x0000000000080000-0x0000000000115000-memory.dmp

Filesize
596KB

Download