e856881216ddd9fd504e735937dde08b2ca4c0af7cf74936f2611d1bbd7cc2a0

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:27

Target

06ea918568ea5b53f13f6b668d668cf4.exe
Size

214KB
MD5

06ea918568ea5b53f13f6b668d668cf4
SHA1

35440ebd2a1f606b6b93646481867c02721fb4e5
SHA256

e856881216ddd9fd504e735937dde08b2ca4c0af7cf74936f2611d1bbd7cc2a0
SHA512

0247aea453e9acf94fc0bffd036cbfb5d001177414f46be8930710de02b6b9997778ba12f5ecbd58f16f1d6735c28f8d755e925febb58c1576a294035ba34965
SSDEEP

6144:yJV5pEY02GO77dO/QKjhABiTb5JsA6hRq1fdqy/B0E1WoGJ+v2/:yIYn77yB2uJx6h8fdqw0zbZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2296	1644	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 2296	1644	06ea918568ea5b53f13f6b668d668cf4.exe	28
PID 1644 wrote to memory of 2296	1644	06ea918568ea5b53f13f6b668d668cf4.exe	28
PID 1644 wrote to memory of 2296	1644	06ea918568ea5b53f13f6b668d668cf4.exe	28
PID 1644 wrote to memory of 2296	1644	06ea918568ea5b53f13f6b668d668cf4.exe	28

C:\Users\Admin\AppData\Local\Temp\06ea918568ea5b53f13f6b668d668cf4.exe
"C:\Users\Admin\AppData\Local\Temp\06ea918568ea5b53f13f6b668d668cf4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 36
  2⤵
  - Program crash
  PID:2296

memory/1644-0-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download