c4ea2a1076ff594c9062eb8657185581ad07fbfdd123e7654e4e20be882b5620

Analysis

max time kernel
119s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 18:05

Target

00033b9fd675d2a43fade992c7685f63.exe
Size

293KB
MD5

00033b9fd675d2a43fade992c7685f63
SHA1

c3894e7e9182447e09f18c3e2d0dfc4ab6f519a9
SHA256

c4ea2a1076ff594c9062eb8657185581ad07fbfdd123e7654e4e20be882b5620
SHA512

45f4546a8ece32298f671f563752d53c9de6e2b6a480b655448ff6ef0b3469db6cf77461674896b726b344bae96c5ebafa48b8c58315d285b5359de7a1966f14
SSDEEP

6144:gPdMUMANEVzGlcEDUl4qaRYVQfJTGbusJRhgnGXcsD7Xm2BeddhMHV8DO:ENEh8cSLqdYsisDhgnGfBBedDM18S

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2404	2640	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 2404	2640	00033b9fd675d2a43fade992c7685f63.exe	28
PID 2640 wrote to memory of 2404	2640	00033b9fd675d2a43fade992c7685f63.exe	28
PID 2640 wrote to memory of 2404	2640	00033b9fd675d2a43fade992c7685f63.exe	28
PID 2640 wrote to memory of 2404	2640	00033b9fd675d2a43fade992c7685f63.exe	28

C:\Users\Admin\AppData\Local\Temp\00033b9fd675d2a43fade992c7685f63.exe
"C:\Users\Admin\AppData\Local\Temp\00033b9fd675d2a43fade992c7685f63.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 140
  2⤵
  - Program crash
  PID:2404

memory/2640-0-0x0000000000270000-0x00000000002B1000-memory.dmp

Filesize
260KB

Download
memory/2640-1-0x00000000002C0000-0x000000000030B000-memory.dmp

Filesize
300KB

Download