8181d2c57e1141180a4ebfbab0d1dd0b4c429bf2623bb709bbb87536c181cda6

Analysis

max time kernel
142s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 16:58

Target

7e82f55cca9a627e1cb99b3684443f30.exe
Size

28KB
MD5

7e82f55cca9a627e1cb99b3684443f30
SHA1

2887c642db86dcc542166c59c7d2b717cd1a9415
SHA256

8181d2c57e1141180a4ebfbab0d1dd0b4c429bf2623bb709bbb87536c181cda6
SHA512

90ebee9dd1adaf6b68d879bd1bae04fa11cc4055fe89d0ecfe755e6d15c1ab1fe5d15b50890ad3a63dffac03ea1d46a4ba69b4dc48f0608d762f3a8821c411c1
SSDEEP

384:+YDcJqMy3tdgjqsnxayNtPw+kLwHnzV4SfakcvqDi1ciguriTbYHa6c:BoJqMqtBwYQVw+kLGzqzkcoeOANc

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2180	368	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 368 wrote to memory of 2180	368	7e82f55cca9a627e1cb99b3684443f30.exe	16
PID 368 wrote to memory of 2180	368	7e82f55cca9a627e1cb99b3684443f30.exe	16
PID 368 wrote to memory of 2180	368	7e82f55cca9a627e1cb99b3684443f30.exe	16
PID 368 wrote to memory of 2180	368	7e82f55cca9a627e1cb99b3684443f30.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 88
1⤵
- Program crash
PID:2180

C:\Users\Admin\AppData\Local\Temp\7e82f55cca9a627e1cb99b3684443f30.exe
"C:\Users\Admin\AppData\Local\Temp\7e82f55cca9a627e1cb99b3684443f30.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:368

memory/368-1-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/368-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download