4fa03a6eb5bce67d7862234c88558ee0aca9db4154a096873957cf0fc4413bb8

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:26

Target

046b2def654c01c1c4b923cef6216607.exe
Size

332KB
MD5

046b2def654c01c1c4b923cef6216607
SHA1

a1f923aea69a78c0f7ab60a8da852f721d1ed030
SHA256

4fa03a6eb5bce67d7862234c88558ee0aca9db4154a096873957cf0fc4413bb8
SHA512

b4b78be4b485c693119ca4172b0ee8b6f414416fa406937eddff05112d3e54cfceef7d336c1dcc7c756a5a88e81ca3515e1f3dc84c27cd3cc65efe66bdbd91a0
SSDEEP

6144:70Fk862RfS15iNNXBuWoJBO9OMbHLkAqF7Ief9UmM7/uT:wFF62EoNxDIBuOFe7/uT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1696	1964	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 1696	1964	046b2def654c01c1c4b923cef6216607.exe	28
PID 1964 wrote to memory of 1696	1964	046b2def654c01c1c4b923cef6216607.exe	28
PID 1964 wrote to memory of 1696	1964	046b2def654c01c1c4b923cef6216607.exe	28
PID 1964 wrote to memory of 1696	1964	046b2def654c01c1c4b923cef6216607.exe	28

C:\Users\Admin\AppData\Local\Temp\046b2def654c01c1c4b923cef6216607.exe
"C:\Users\Admin\AppData\Local\Temp\046b2def654c01c1c4b923cef6216607.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 164
  2⤵
  - Program crash
  PID:1696

memory/1964-0-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/1964-2-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download