c6fb90c47ab5566c59bf92b4c1bf61e3744eaa309f91dbb51bb9531d5e19f338

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 21:02

Target

f7f6fa34615457723bd369f0785b24eb.exe
Size

111KB
MD5

f7f6fa34615457723bd369f0785b24eb
SHA1

1282a4771ee72cacda606c5aa1154663d0fdac55
SHA256

c6fb90c47ab5566c59bf92b4c1bf61e3744eaa309f91dbb51bb9531d5e19f338
SHA512

ed42e62f94142ad760fcada73169ff18a3599180b68a993a545220db276c27677e3d2a009e15cbe80ac772d718dc73c098bdf75431c5e7f0f5a9e889be0e619d
SSDEEP

1536:/Y3lOIc7J6mp2JzNUfUQ+3/6C4Vxex6nWe8zW3dBgJwmo:/GOdcmpi2fEPKh8a3v8wt

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2880	2636	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 2880	2636	f7f6fa34615457723bd369f0785b24eb.exe	28
PID 2636 wrote to memory of 2880	2636	f7f6fa34615457723bd369f0785b24eb.exe	28
PID 2636 wrote to memory of 2880	2636	f7f6fa34615457723bd369f0785b24eb.exe	28
PID 2636 wrote to memory of 2880	2636	f7f6fa34615457723bd369f0785b24eb.exe	28

C:\Users\Admin\AppData\Local\Temp\f7f6fa34615457723bd369f0785b24eb.exe
"C:\Users\Admin\AppData\Local\Temp\f7f6fa34615457723bd369f0785b24eb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 116
  2⤵
  - Program crash
  PID:2880

memory/2636-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download