607640def4cfe895585288dfcfe26b39d0bc78b827816ab2e354fbf727295e28

Analysis

max time kernel
122s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:06

Target

00061381eca1b8455eee5df0629dc8c4.exe
Size

886KB
MD5

00061381eca1b8455eee5df0629dc8c4
SHA1

9c7a57e5d9d3397d2f0fb70d3e5d4e97a3b89cb9
SHA256

607640def4cfe895585288dfcfe26b39d0bc78b827816ab2e354fbf727295e28
SHA512

34b9eee1104330c808ab52b9f2ccf65f75813fc12b3572cb4deab06828131c90f9ee28b46e903b5d1f9d7722d6d019374bad7f6ac0c626250c2532eeec42a1c2
SSDEEP

12288:J4lsXvtCcmVVXzzn4PJAahPl/QEdIMiVbHydETJnJWkYNwq:J4lavt0LkLL9IMixoEFNYNwq

Score

5^/10

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2104-0-0x0000000001160000-0x0000000001244000-memory.dmp	autoit_exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2172	2104	WerFault.exe	18

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2172	2104	00061381eca1b8455eee5df0629dc8c4.exe	28
PID 2104 wrote to memory of 2172	2104	00061381eca1b8455eee5df0629dc8c4.exe	28
PID 2104 wrote to memory of 2172	2104	00061381eca1b8455eee5df0629dc8c4.exe	28
PID 2104 wrote to memory of 2172	2104	00061381eca1b8455eee5df0629dc8c4.exe	28

C:\Users\Admin\AppData\Local\Temp\00061381eca1b8455eee5df0629dc8c4.exe
"C:\Users\Admin\AppData\Local\Temp\00061381eca1b8455eee5df0629dc8c4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
  2⤵
  - Program crash
  PID:2172

memory/2104-0-0x0000000001160000-0x0000000001244000-memory.dmp

Filesize
912KB

Download