9cc77ec94bb3b386e17b35ee7d2ee0fae28fadd3255ed80b8982c1ade4feaff5

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 16:01

Target

7affabd006348f8d15b6ac6e6883d43d.exe
Size

324KB
MD5

7affabd006348f8d15b6ac6e6883d43d
SHA1

6d6f750730983d53c8a98af3ac84459efa792ae3
SHA256

9cc77ec94bb3b386e17b35ee7d2ee0fae28fadd3255ed80b8982c1ade4feaff5
SHA512

9ec36b14dd6035afe56141bc398f3a5e6356070732d22b2591888a453353a7d4cdfec410e9217024b90a7e6bfb5860bd4d8d730b7cc838b13bb65aa71809aada
SSDEEP

6144:JHKRHx8ACo5ByMMrZfcZuGTrFov5xY76Txz7xU5bKYP:JHQByH9cZuGTM5xWoxpF

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2384	2356	WerFault.exe	13

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2384	2356	7affabd006348f8d15b6ac6e6883d43d.exe	16
PID 2356 wrote to memory of 2384	2356	7affabd006348f8d15b6ac6e6883d43d.exe	16
PID 2356 wrote to memory of 2384	2356	7affabd006348f8d15b6ac6e6883d43d.exe	16
PID 2356 wrote to memory of 2384	2356	7affabd006348f8d15b6ac6e6883d43d.exe	16

C:\Users\Admin\AppData\Local\Temp\7affabd006348f8d15b6ac6e6883d43d.exe
"C:\Users\Admin\AppData\Local\Temp\7affabd006348f8d15b6ac6e6883d43d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 196
  2⤵
  - Program crash
  PID:2384