e1b0f933bd808fbe7546a3ba69896533eb1f8a5956bc45e1236a3a2e7b56c6d2

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-12-2023 20:49

Target

f72c117a69f903d95f82bfad3a8d620a.exe
Size

1.0MB
MD5

f72c117a69f903d95f82bfad3a8d620a
SHA1

cccfa49711f4d22c5d39b3ac80863803a2139f5a
SHA256

e1b0f933bd808fbe7546a3ba69896533eb1f8a5956bc45e1236a3a2e7b56c6d2
SHA512

a1fdd864ec8b6ba93a3c6acdc77a006dda6c7937d86f70e845f54ad97eb3aad22a28ea37c8bcafb1fb9a1b06942926c050362d5640515b2db8f8147956103b4f
SSDEEP

24576:XWG1PaToSD27FMNolNCxiRCxrQXvLHTQB+621QlECwGeHPjN:GHsUqGUoIC96L8pGQlECwxHP5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
304	2460	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 304	2460	f72c117a69f903d95f82bfad3a8d620a.exe	15
PID 2460 wrote to memory of 304	2460	f72c117a69f903d95f82bfad3a8d620a.exe	15
PID 2460 wrote to memory of 304	2460	f72c117a69f903d95f82bfad3a8d620a.exe	15
PID 2460 wrote to memory of 304	2460	f72c117a69f903d95f82bfad3a8d620a.exe	15

C:\Users\Admin\AppData\Local\Temp\f72c117a69f903d95f82bfad3a8d620a.exe
"C:\Users\Admin\AppData\Local\Temp\f72c117a69f903d95f82bfad3a8d620a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 36
  2⤵
  - Program crash
  PID:304

memory/2460-0-0x0000000000400000-0x000000000098B000-memory.dmp

Filesize
5.5MB

Download