ae0f45e1ad36bb4e1fb410b49df3a5a2ddca877ffd74f6e7b742ffebb11611f8

Analysis

max time kernel
125s
max time network
161s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 23:20

Target

ff79c9d589dbe9ba127e535ec3e91ab8.exe
Size

422KB
MD5

ff79c9d589dbe9ba127e535ec3e91ab8
SHA1

44a441c4885149228acea01cadebb300bf654da7
SHA256

ae0f45e1ad36bb4e1fb410b49df3a5a2ddca877ffd74f6e7b742ffebb11611f8
SHA512

fbdc274c0b72b9c56bd45e63add92d240786dcc7418d68323856804a46fa6d81f08c38886b07696a20921a79e18e3eff0695bfc770d92024f6437c7d1fc0c7ea
SSDEEP

6144:ykB1INZdWaFzaE7mDGg7Y4+MFyBPys80G5sEOi9Ri9na5UVx3:ykBgdW/E7mDGg8xMkBp80GiZa5UVh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2288	2964	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2288	2964	ff79c9d589dbe9ba127e535ec3e91ab8.exe	29
PID 2964 wrote to memory of 2288	2964	ff79c9d589dbe9ba127e535ec3e91ab8.exe	29
PID 2964 wrote to memory of 2288	2964	ff79c9d589dbe9ba127e535ec3e91ab8.exe	29
PID 2964 wrote to memory of 2288	2964	ff79c9d589dbe9ba127e535ec3e91ab8.exe	29

C:\Users\Admin\AppData\Local\Temp\ff79c9d589dbe9ba127e535ec3e91ab8.exe
"C:\Users\Admin\AppData\Local\Temp\ff79c9d589dbe9ba127e535ec3e91ab8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 116
  2⤵
  - Program crash
  PID:2288

memory/2964-0-0x0000000000350000-0x00000000003BE000-memory.dmp

Filesize
440KB

Download