67aad5a6b746230f56aefe03cd16e2738cc5422536601483631732b3af8fd4c9

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 21:08

Target

f843b4d0ab8c3fd3eda5991b9521fd0d.exe
Size

1007KB
MD5

f843b4d0ab8c3fd3eda5991b9521fd0d
SHA1

000fdbefcf5cdd837ff0386817c5965c80ae880c
SHA256

67aad5a6b746230f56aefe03cd16e2738cc5422536601483631732b3af8fd4c9
SHA512

2e9ec0da3c1c7797b54836af96fd1d352cd14a0dce8d478fae21a9820887909192681d7eadf08099c55927ccfd2f1642077367d13558b57b935771081ebc201d
SSDEEP

6144:q2hFHKRsR0OudRUJ7b+d/hdNH0eQZoALkjwoEuJfio46q:q2h9VKK7b2ln/pJfr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
1736	1848	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 1736	1848	f843b4d0ab8c3fd3eda5991b9521fd0d.exe	14
PID 1848 wrote to memory of 1736	1848	f843b4d0ab8c3fd3eda5991b9521fd0d.exe	14
PID 1848 wrote to memory of 1736	1848	f843b4d0ab8c3fd3eda5991b9521fd0d.exe	14
PID 1848 wrote to memory of 1736	1848	f843b4d0ab8c3fd3eda5991b9521fd0d.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 36
1⤵
- Program crash
PID:1736

C:\Users\Admin\AppData\Local\Temp\f843b4d0ab8c3fd3eda5991b9521fd0d.exe
"C:\Users\Admin\AppData\Local\Temp\f843b4d0ab8c3fd3eda5991b9521fd0d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1848

memory/1848-0-0x0000000000400000-0x00000000004FF000-memory.dmp

Filesize
1020KB

Download