461ae49dda59011655ecf8eaf44ee17109f446ed0a528d6a659c4b677a5daef0

Analysis

max time kernel
119s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:00

Target

0119d026f31923bd52a3135129a12d19.exe
Size

422KB
MD5

0119d026f31923bd52a3135129a12d19
SHA1

b7ed8426fda6f7097e86afc96fb8ac978bdb5a0f
SHA256

461ae49dda59011655ecf8eaf44ee17109f446ed0a528d6a659c4b677a5daef0
SHA512

2c2a7c51f69e3ff338cb6f071ee44f5bfccee1fe20e7a0b8dc49232f33a7d18edac4e05bc385435ec4b769e3affa322bdfd52bc1ce9d4e870a6f2a9a89726cec
SSDEEP

6144:ykB1INZdWaFzaE7mDGg7Y4+MFyBPys80G5sEOi9Ri9na5UVx3:ykBgdW/E7mDGg8xMkBp80GiZa5UVh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2700	2768	WerFault.exe	11

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 2700	2768	0119d026f31923bd52a3135129a12d19.exe	30
PID 2768 wrote to memory of 2700	2768	0119d026f31923bd52a3135129a12d19.exe	30
PID 2768 wrote to memory of 2700	2768	0119d026f31923bd52a3135129a12d19.exe	30
PID 2768 wrote to memory of 2700	2768	0119d026f31923bd52a3135129a12d19.exe	30

C:\Users\Admin\AppData\Local\Temp\0119d026f31923bd52a3135129a12d19.exe
"C:\Users\Admin\AppData\Local\Temp\0119d026f31923bd52a3135129a12d19.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 116
  2⤵
  - Program crash
  PID:2700

memory/2768-0-0x0000000001030000-0x000000000109E000-memory.dmp

Filesize
440KB

Download