e00a23dfbe73991b3350eb6b4f565c231f0f70c93a48c136894b2a5e3a615151

Analysis

max time kernel
121s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 16:35

Target

7d273fe40d6449670535193d023a57a7.exe
Size

2.0MB
MD5

7d273fe40d6449670535193d023a57a7
SHA1

a6df7bb804707b455e0704c3cb2e828484a44e8d
SHA256

e00a23dfbe73991b3350eb6b4f565c231f0f70c93a48c136894b2a5e3a615151
SHA512

ca0cafa89395289f0b3f783482160b02f8d85bfd2f7babe6d25b55b3fd3374cbbd04bdbd693c219f447868288ce506e93492bbe7ccac59ac10fee48347e15b1b
SSDEEP

49152:FkfH1xaAqHqwqlAkk4zyPvc5gVUhtEtL63wu9wn/qBPhvNK:2vCAqWlu4zyHcL7e63nu/qB5vQ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1344	2228	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 1344	2228	7d273fe40d6449670535193d023a57a7.exe	28
PID 2228 wrote to memory of 1344	2228	7d273fe40d6449670535193d023a57a7.exe	28
PID 2228 wrote to memory of 1344	2228	7d273fe40d6449670535193d023a57a7.exe	28
PID 2228 wrote to memory of 1344	2228	7d273fe40d6449670535193d023a57a7.exe	28

C:\Users\Admin\AppData\Local\Temp\7d273fe40d6449670535193d023a57a7.exe
"C:\Users\Admin\AppData\Local\Temp\7d273fe40d6449670535193d023a57a7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 100
  2⤵
  - Program crash
  PID:1344