e0c003e2f7a186c9db1d08e85713be9c4051e7437bb03c0c492d6489a975c174

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 22:35

Target

fd2658ef73242b94c99c4a986205bb46.exe
Size

76KB
MD5

fd2658ef73242b94c99c4a986205bb46
SHA1

7cb3f9d00ee9fe712c09709f18a62471ad56bb7c
SHA256

e0c003e2f7a186c9db1d08e85713be9c4051e7437bb03c0c492d6489a975c174
SHA512

c940ed8237ab83ceb8d2486abaa7463e3ae1cab40a31240489285e1d3a5d04156fb44a81b63db22e527fb503147871f66a131bb11563b84628008bb35234cdf4
SSDEEP

1536:K/ePyXHZ7DA4BfBrmTiXvvvUgbFNCuACP1DIgN:QeSHZ7DTBfBrB/UgbFNCuAq2C

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2912	2968	WerFault.exe	13

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2912	2968	fd2658ef73242b94c99c4a986205bb46.exe	28
PID 2968 wrote to memory of 2912	2968	fd2658ef73242b94c99c4a986205bb46.exe	28
PID 2968 wrote to memory of 2912	2968	fd2658ef73242b94c99c4a986205bb46.exe	28
PID 2968 wrote to memory of 2912	2968	fd2658ef73242b94c99c4a986205bb46.exe	28

C:\Users\Admin\AppData\Local\Temp\fd2658ef73242b94c99c4a986205bb46.exe
"C:\Users\Admin\AppData\Local\Temp\fd2658ef73242b94c99c4a986205bb46.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 108
  2⤵
  - Program crash
  PID:2912

memory/2968-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download