602921682202a6826c75db077a3df3e48e34fdf8f41c55114f39611f7cf55afd

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:28

Target

06edf258ddf1d93fd953bc24506628a5.exe
Size

434KB
MD5

06edf258ddf1d93fd953bc24506628a5
SHA1

3bd3458142b3c6627f4e112fbd26462d45ea36f9
SHA256

602921682202a6826c75db077a3df3e48e34fdf8f41c55114f39611f7cf55afd
SHA512

a65450fa236fdf69fd4ede0c3d37d942412669e289da4efaf34ef2d73b1f37cc8b8a32b282bf9c587dea55e2e7bea35da39431784ea0b358637d58ad439b2f8e
SSDEEP

6144:a5AVlEM3m4NNX/wlkcADCy5BBCem6K3pewb0iEr9QIj:vVlEMNLVDTxm5b3Er9QIj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2544	780	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 780 wrote to memory of 2544	780	06edf258ddf1d93fd953bc24506628a5.exe	28
PID 780 wrote to memory of 2544	780	06edf258ddf1d93fd953bc24506628a5.exe	28
PID 780 wrote to memory of 2544	780	06edf258ddf1d93fd953bc24506628a5.exe	28
PID 780 wrote to memory of 2544	780	06edf258ddf1d93fd953bc24506628a5.exe	28

C:\Users\Admin\AppData\Local\Temp\06edf258ddf1d93fd953bc24506628a5.exe
"C:\Users\Admin\AppData\Local\Temp\06edf258ddf1d93fd953bc24506628a5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:780
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 552
  2⤵
  - Program crash
  PID:2544

memory/780-0-0x0000000000A70000-0x0000000000AE2000-memory.dmp

Filesize
456KB

Download
memory/780-1-0x0000000074150000-0x000000007483E000-memory.dmp

Filesize
6.9MB

Download
memory/780-2-0x0000000074150000-0x000000007483E000-memory.dmp

Filesize
6.9MB

Download