e3fc2ff4c61775387a221b6b3baee65d2de9c71ffecbd9ca6fc2acb0d5869274

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:50

Target

061f44e97f54afcce2d14ac990b8bbc6.exe
Size

123KB
MD5

061f44e97f54afcce2d14ac990b8bbc6
SHA1

4110e652a5be2e4875df15323eac917c78b24ab6
SHA256

e3fc2ff4c61775387a221b6b3baee65d2de9c71ffecbd9ca6fc2acb0d5869274
SHA512

590f688e053baa38bcb6fe59e04612471e8b94951620d8df3680df3de7a6a19192dd1075a15b7d19052f23076ba511aa77db36dc569173fe356507657dca2103
SSDEEP

3072:3d6W4iBs8GZEx9xDdxPqZQRziDeuo3AwzaaZPirX0AaKZEo:3wW4YyZY9D98QYDeP3+ePiwQZx

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2180	1968	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2180	1968	061f44e97f54afcce2d14ac990b8bbc6.exe	14
PID 1968 wrote to memory of 2180	1968	061f44e97f54afcce2d14ac990b8bbc6.exe	14
PID 1968 wrote to memory of 2180	1968	061f44e97f54afcce2d14ac990b8bbc6.exe	14
PID 1968 wrote to memory of 2180	1968	061f44e97f54afcce2d14ac990b8bbc6.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 36
1⤵
- Program crash
PID:2180

C:\Users\Admin\AppData\Local\Temp\061f44e97f54afcce2d14ac990b8bbc6.exe
"C:\Users\Admin\AppData\Local\Temp\061f44e97f54afcce2d14ac990b8bbc6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1968

memory/1968-0-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download