ac547fac9dfc9751c8e5c9556904ba5eadee7a602b6fd19759c6ebc378efe628

Analysis

max time kernel
122s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 16:08

Target

7b84480702bbe75a78007884d1bdf532.exe
Size

321KB
MD5

7b84480702bbe75a78007884d1bdf532
SHA1

00a62a4fcbfe16dbc3182c975a8520ed39ae8b70
SHA256

ac547fac9dfc9751c8e5c9556904ba5eadee7a602b6fd19759c6ebc378efe628
SHA512

ac6864a8c8cbe69dcf177106019f06cd66bca280cca3a508897036fdfd12ccbf9f2dffb621714dab16f7db9372e5d6fcdb1cbcf3dfe871025e747bdde85352bc
SSDEEP

6144:OTj1OTEKnsub1upoH7td/tQqG56Prd3Z5NBA3r14lJDNIlM:OFOoKnsub6oHprG5+3a7STYM

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2900	2672	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2900	2672	7b84480702bbe75a78007884d1bdf532.exe	27
PID 2672 wrote to memory of 2900	2672	7b84480702bbe75a78007884d1bdf532.exe	27
PID 2672 wrote to memory of 2900	2672	7b84480702bbe75a78007884d1bdf532.exe	27
PID 2672 wrote to memory of 2900	2672	7b84480702bbe75a78007884d1bdf532.exe	27

C:\Users\Admin\AppData\Local\Temp\7b84480702bbe75a78007884d1bdf532.exe
"C:\Users\Admin\AppData\Local\Temp\7b84480702bbe75a78007884d1bdf532.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 116
  2⤵
  - Program crash
  PID:2900

memory/2672-0-0x0000000000AD0000-0x0000000000B25000-memory.dmp

Filesize
340KB

Download