e79b4ebc298104938b1dc8806c3fa6e4e0474614de4a305a707764399af75e6a

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 21:05

Target

f824e7c25755f76125cbb0302ba6dca2.exe
Size

155KB
MD5

f824e7c25755f76125cbb0302ba6dca2
SHA1

819db84a0b34947f774a4371f2b71dffc6f48df2
SHA256

e79b4ebc298104938b1dc8806c3fa6e4e0474614de4a305a707764399af75e6a
SHA512

38bb9344ca0d6a392654f05fb6477f34926f37e51aca69dce98452d8206675f2a31ba321ee08ba9cfc9f4367e4a3b6a98644acd951fa46746480d1f52c13d75c
SSDEEP

3072:O75Mx7N8OoKH8naPibuAlcL8VzuIZY4LQu/9qgExQ2iSRB:bxjoKcaPCplcWzrZ7L7AgEae

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2532	2512	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2532	2512	f824e7c25755f76125cbb0302ba6dca2.exe	28
PID 2512 wrote to memory of 2532	2512	f824e7c25755f76125cbb0302ba6dca2.exe	28
PID 2512 wrote to memory of 2532	2512	f824e7c25755f76125cbb0302ba6dca2.exe	28
PID 2512 wrote to memory of 2532	2512	f824e7c25755f76125cbb0302ba6dca2.exe	28

C:\Users\Admin\AppData\Local\Temp\f824e7c25755f76125cbb0302ba6dca2.exe
"C:\Users\Admin\AppData\Local\Temp\f824e7c25755f76125cbb0302ba6dca2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 104
  2⤵
  - Program crash
  PID:2532