7861a560e6dab703d8ec5d6e17bcc39741a5d7a0b09cd0942feb7d309a026d57

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 20:42

Target

f6c40d26fa7109ee44e50fdf91ea83a7.exe
Size

72KB
MD5

f6c40d26fa7109ee44e50fdf91ea83a7
SHA1

db7387e4451e8ec785053467ddf6fd2c82217136
SHA256

7861a560e6dab703d8ec5d6e17bcc39741a5d7a0b09cd0942feb7d309a026d57
SHA512

3929b537484f7115540f16645e18bdc7c01ecbedc4d48784fdd481b2947a6ca893cab39aedcf5557c678b894646607f7be133b412d4a422f2e1d7ca24858e3b7
SSDEEP

1536:LSWJ77t48O9kf5KO2UftQKwS6Wc0P88t7uHwcJyaD3sbNhxjCM5m:LRqtkfMj6uKwAtPluHpLsPxj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2960	2884	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2960	2884	f6c40d26fa7109ee44e50fdf91ea83a7.exe	15
PID 2884 wrote to memory of 2960	2884	f6c40d26fa7109ee44e50fdf91ea83a7.exe	15
PID 2884 wrote to memory of 2960	2884	f6c40d26fa7109ee44e50fdf91ea83a7.exe	15
PID 2884 wrote to memory of 2960	2884	f6c40d26fa7109ee44e50fdf91ea83a7.exe	15

C:\Users\Admin\AppData\Local\Temp\f6c40d26fa7109ee44e50fdf91ea83a7.exe
"C:\Users\Admin\AppData\Local\Temp\f6c40d26fa7109ee44e50fdf91ea83a7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 88
  2⤵
  - Program crash
  PID:2960

memory/2884-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2884-1-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download