161881dff399d5285aefea8107a3fbb5d3243f1110279de98f6f1bd53f6e4772

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 22:36

Target

05cbede42bd34d43411a6b8f5d0677fb.exe
Size

21KB
MD5

05cbede42bd34d43411a6b8f5d0677fb
SHA1

2e6d186a560e1eed6ebd66ec3491e68cbab0858c
SHA256

161881dff399d5285aefea8107a3fbb5d3243f1110279de98f6f1bd53f6e4772
SHA512

cf6ca46d9448126ad87055ce648c5b13fff8edb1e7bd34e04824e1a14679be3b4e433bd47e690750cf521611435abd56c826c10b760d3c5f8040c197dede15b7
SSDEEP

384:kn2s3RFjfXOftLkABlImNAUtIYyBmwCTjfVhGCK2R7H7t5TNI5+rhrY5:TirftolIm4GwCTjfVB7/W5OY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2296	2780	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 2296	2780	05cbede42bd34d43411a6b8f5d0677fb.exe	28
PID 2780 wrote to memory of 2296	2780	05cbede42bd34d43411a6b8f5d0677fb.exe	28
PID 2780 wrote to memory of 2296	2780	05cbede42bd34d43411a6b8f5d0677fb.exe	28
PID 2780 wrote to memory of 2296	2780	05cbede42bd34d43411a6b8f5d0677fb.exe	28

C:\Users\Admin\AppData\Local\Temp\05cbede42bd34d43411a6b8f5d0677fb.exe
"C:\Users\Admin\AppData\Local\Temp\05cbede42bd34d43411a6b8f5d0677fb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 36
  2⤵
  - Program crash
  PID:2296

memory/2780-0-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download