5d17d7f4ca81e741d125559d2a9df095cb1a5dced704568894b00458eefeb0c7

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 22:55

Target

fe382807faf1e013046ff672768379f6.exe
Size

54KB
MD5

fe382807faf1e013046ff672768379f6
SHA1

48db3fb688496c326b6b62ce64b2706f0e6b3f57
SHA256

5d17d7f4ca81e741d125559d2a9df095cb1a5dced704568894b00458eefeb0c7
SHA512

0534740c1003b84e97c92573bf48f514d51f09d99efc67256f221556bca9aac2ac1845d1365c76c95df504d926d5f681c0025153ae52b813dc11c44af0a7fe2c
SSDEEP

768:136DZUZXywdFvLcK2rFm4Q7/EB0Tz72sObpAHd+k4JpwYTQmsS8qBqXRRixa01z:3ZXyGLcKLYBQz7JObXkwlzxB6Cxa0x

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2456	2288	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 2456	2288	fe382807faf1e013046ff672768379f6.exe	28
PID 2288 wrote to memory of 2456	2288	fe382807faf1e013046ff672768379f6.exe	28
PID 2288 wrote to memory of 2456	2288	fe382807faf1e013046ff672768379f6.exe	28
PID 2288 wrote to memory of 2456	2288	fe382807faf1e013046ff672768379f6.exe	28

C:\Users\Admin\AppData\Local\Temp\fe382807faf1e013046ff672768379f6.exe
"C:\Users\Admin\AppData\Local\Temp\fe382807faf1e013046ff672768379f6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 176
  2⤵
  - Program crash
  PID:2456

memory/2288-0-0x0000000000330000-0x0000000000427000-memory.dmp

Filesize
988KB

Download
memory/2288-1-0x0000000000020000-0x0000000000023000-memory.dmp

Filesize
12KB

Download
memory/2288-2-0x0000000000330000-0x0000000000427000-memory.dmp

Filesize
988KB

Download
memory/2288-9-0x0000000000330000-0x0000000000427000-memory.dmp

Filesize
988KB

Download
memory/2288-11-0x0000000000020000-0x0000000000023000-memory.dmp

Filesize
12KB

Download