08f053e6a8a3d29ef010195df07028b6a5865d31ebf2aa7868f8c1f7ca0f4ad1

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:29

Target

06f040ed9f878c69f4c0437ede69cd04.exe
Size

119KB
MD5

06f040ed9f878c69f4c0437ede69cd04
SHA1

193d509bfe55e1df882b9e66d0b3ee2fe5155c33
SHA256

08f053e6a8a3d29ef010195df07028b6a5865d31ebf2aa7868f8c1f7ca0f4ad1
SHA512

6b9a3db58268e58243866f60c4f443a17b30c7b738d2a3dcc39200a20f2e7753e84a2027f77d89c95e20f37eecf124b74f4d80a817f56aaea00ef063501db897
SSDEEP

3072:CvCs7hsvQvdpKoY5G7hGtVSbTVYc1/WxhqosdSL5mXTbeF:khsIdYoEtVSbTbKhqaL8Xm

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2772	1724	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2772	1724	06f040ed9f878c69f4c0437ede69cd04.exe	28
PID 1724 wrote to memory of 2772	1724	06f040ed9f878c69f4c0437ede69cd04.exe	28
PID 1724 wrote to memory of 2772	1724	06f040ed9f878c69f4c0437ede69cd04.exe	28
PID 1724 wrote to memory of 2772	1724	06f040ed9f878c69f4c0437ede69cd04.exe	28

C:\Users\Admin\AppData\Local\Temp\06f040ed9f878c69f4c0437ede69cd04.exe
"C:\Users\Admin\AppData\Local\Temp\06f040ed9f878c69f4c0437ede69cd04.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 36
  2⤵
  - Program crash
  PID:2772

memory/1724-0-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/1724-1-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download