7bf5ef7fa4088cd5a72d6b2c81fb10fe5e731da2fd3f72d9432b51bd098c3f77

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 16:37

Target

7d3ccccc81ccd15a4ce48d5f88cdfdf4.exe
Size

116KB
MD5

7d3ccccc81ccd15a4ce48d5f88cdfdf4
SHA1

291e0872354cba7cb551aa7db46737179b29f13e
SHA256

7bf5ef7fa4088cd5a72d6b2c81fb10fe5e731da2fd3f72d9432b51bd098c3f77
SHA512

7492605c99ee939c6836789cce8cfc876e59b9e616ed84938a9bb835cd054024d5d9a78c2d747a9e16e5d62a48061f5963321775fb72dc83ca872413402d1467
SSDEEP

3072:0inp0/i4vJ/4GHWz0uY6uxu7hmvfHHHHHHHHHH:0i8Fx/4GHWz0UYvfHHHHHHHHHH

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1904	1872	WerFault.exe	9

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 1904	1872	7d3ccccc81ccd15a4ce48d5f88cdfdf4.exe	16
PID 1872 wrote to memory of 1904	1872	7d3ccccc81ccd15a4ce48d5f88cdfdf4.exe	16
PID 1872 wrote to memory of 1904	1872	7d3ccccc81ccd15a4ce48d5f88cdfdf4.exe	16
PID 1872 wrote to memory of 1904	1872	7d3ccccc81ccd15a4ce48d5f88cdfdf4.exe	16

C:\Users\Admin\AppData\Local\Temp\7d3ccccc81ccd15a4ce48d5f88cdfdf4.exe
"C:\Users\Admin\AppData\Local\Temp\7d3ccccc81ccd15a4ce48d5f88cdfdf4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 36
  2⤵
  - Program crash
  PID:1904

memory/1872-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download