806466ec33022ff40cafec8dcc27d480c842d64b02886b7b2bcce49e1ca8be6d

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 22:20

Target

fc6e7b5d5ac690630363dc4890f50e53.exe
Size

367KB
MD5

fc6e7b5d5ac690630363dc4890f50e53
SHA1

e42bb816122b014c7207b1f5132c2a1fb463a999
SHA256

806466ec33022ff40cafec8dcc27d480c842d64b02886b7b2bcce49e1ca8be6d
SHA512

3c39b10c57a49b8554fab7b0a0a82e1eba4a69106fe704d731a58664fc1fedca2be739613041e9db489686d094e722870164e6047c19b9e53c1b1a7905fc7046
SSDEEP

6144:rpEcAd/Mm5ZkyUneRTnJOmQ4W4/6zA5K0TzJRCp4xRvKUllD/W13+Re:rTAOm5eyUnJmCzAXTzJR3RvK6lCwRe

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2080	1948	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2080	1948	fc6e7b5d5ac690630363dc4890f50e53.exe	14
PID 1948 wrote to memory of 2080	1948	fc6e7b5d5ac690630363dc4890f50e53.exe	14
PID 1948 wrote to memory of 2080	1948	fc6e7b5d5ac690630363dc4890f50e53.exe	14
PID 1948 wrote to memory of 2080	1948	fc6e7b5d5ac690630363dc4890f50e53.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 116
1⤵
- Program crash
PID:2080

C:\Users\Admin\AppData\Local\Temp\fc6e7b5d5ac690630363dc4890f50e53.exe
"C:\Users\Admin\AppData\Local\Temp\fc6e7b5d5ac690630363dc4890f50e53.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1948

memory/1948-0-0x00000000012A0000-0x0000000001300000-memory.dmp

Filesize
384KB

Download