bd4067d79f34f465eea9c121df5215339f4df65f3b90bc4f829774e2352f9cf4

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:14

Target

06a0632912d0bfad70563b5f429788a9.exe
Size

10KB
MD5

06a0632912d0bfad70563b5f429788a9
SHA1

6ed824c986629da24504f8ed6a7cbdc8bb4297be
SHA256

bd4067d79f34f465eea9c121df5215339f4df65f3b90bc4f829774e2352f9cf4
SHA512

60d0f7655925004e5a75c8581f10f96447f91d8589aa451ce4a12a067715dc2e8aae8f69be3f08f3554235cc2d4a11fda6a5213316633148d4b1a2ce34a382d9
SSDEEP

192:m3mN4efLt9BlabGZcojGtNK6QsJDhaWP+BIXFuS0fxeP3TmBd:m26QL36XojsNK6QsJDvLudfxuqBd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2480	2520	WerFault.exe	22

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2480	2520	06a0632912d0bfad70563b5f429788a9.exe	28
PID 2520 wrote to memory of 2480	2520	06a0632912d0bfad70563b5f429788a9.exe	28
PID 2520 wrote to memory of 2480	2520	06a0632912d0bfad70563b5f429788a9.exe	28
PID 2520 wrote to memory of 2480	2520	06a0632912d0bfad70563b5f429788a9.exe	28

C:\Users\Admin\AppData\Local\Temp\06a0632912d0bfad70563b5f429788a9.exe
"C:\Users\Admin\AppData\Local\Temp\06a0632912d0bfad70563b5f429788a9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 88
  2⤵
  - Program crash
  PID:2480

memory/2520-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2520-1-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download