c2083e414e824ea23bb01b0f099c3c458dbd5a9d007f8350ceedd959161417d9

Analysis

max time kernel
122s
max time network
157s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:20

Target

004b0765cd56a7e267169fc3d6731851.exe
Size

8KB
MD5

004b0765cd56a7e267169fc3d6731851
SHA1

cf6dab16c0740ddb34297f99385d22ace194bed9
SHA256

c2083e414e824ea23bb01b0f099c3c458dbd5a9d007f8350ceedd959161417d9
SHA512

43fc54b4dc2c265ede8c46eed9906b0b2de9ef79617dc8dddd464311e8d136ae96e8b56c60be2f27bca403053d9908cfedade084e7c79960a9a4c9c626f3662b
SSDEEP

192:AkY1ThYlQ7AsT8s2ToYumxybyISljtDXsTTiFCpk3Ivb:j2hYlQff2ToTmsbyJlZoTRS30

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2676	2612	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 2676	2612	004b0765cd56a7e267169fc3d6731851.exe	29
PID 2612 wrote to memory of 2676	2612	004b0765cd56a7e267169fc3d6731851.exe	29
PID 2612 wrote to memory of 2676	2612	004b0765cd56a7e267169fc3d6731851.exe	29
PID 2612 wrote to memory of 2676	2612	004b0765cd56a7e267169fc3d6731851.exe	29

C:\Users\Admin\AppData\Local\Temp\004b0765cd56a7e267169fc3d6731851.exe
"C:\Users\Admin\AppData\Local\Temp\004b0765cd56a7e267169fc3d6731851.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 36
  2⤵
  - Program crash
  PID:2676