fc7e5f1c05c1fb43af8f29016de197e0c0e95775d624fbdd3762a17c2194ae89

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:36

Target

00a7fb26f752a8cd6748f7d56d6d0452.exe
Size

28KB
MD5

00a7fb26f752a8cd6748f7d56d6d0452
SHA1

32cbb0feefcc9eeea413f110aae6fd2b051533ec
SHA256

fc7e5f1c05c1fb43af8f29016de197e0c0e95775d624fbdd3762a17c2194ae89
SHA512

9c2626f2c9490760c45d393b78c33a3fd9dad53cca2c2262bcc87fc2ff286588ea8483a83e17166ac8873ad9642c46e10ef0f92e2906287733ce0ebf1a1aba5d
SSDEEP

192:yJvPTCh13Ata1Utwi1oyn25okipR8EWx5VRtTwZxf1I/Tzoz0ZY6yNFZ+w7:APTNam6i1DtA5b9ie/Tzoc+37

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3056	2464	WerFault.exe	9

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 3056	2464	00a7fb26f752a8cd6748f7d56d6d0452.exe	19
PID 2464 wrote to memory of 3056	2464	00a7fb26f752a8cd6748f7d56d6d0452.exe	19
PID 2464 wrote to memory of 3056	2464	00a7fb26f752a8cd6748f7d56d6d0452.exe	19
PID 2464 wrote to memory of 3056	2464	00a7fb26f752a8cd6748f7d56d6d0452.exe	19

C:\Users\Admin\AppData\Local\Temp\00a7fb26f752a8cd6748f7d56d6d0452.exe
"C:\Users\Admin\AppData\Local\Temp\00a7fb26f752a8cd6748f7d56d6d0452.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 148
  2⤵
  - Program crash
  PID:3056

memory/2464-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2464-1-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download