5a0a73c7fb520389ca3f226ec9a42fd0bcee621eb50f47ac905f31b0b34a1c32

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:45

Target

022686242e43625ed0d01d3bfa24bc9e.exe
Size

56KB
MD5

022686242e43625ed0d01d3bfa24bc9e
SHA1

8dc90a9e912c144308845a934cf753d817f07c44
SHA256

5a0a73c7fb520389ca3f226ec9a42fd0bcee621eb50f47ac905f31b0b34a1c32
SHA512

4678064a1f309038b8b3ad59955c2e211dcbfd79546dde2c1bb7035d130cba06ba20611706f732b9fd2243c383848f48340a8836dcb139ade051733deb900092
SSDEEP

768:bOHBUhwUt7cJTEuhVsAFuxLzHZvlrjQITbNtmHAPLjsE/lraH7VbnbO/knHInZGb:Zq4hmIfNt8WaH7VGnZXx5BtXmf

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2796	2720	WerFault.exe	23

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 2796	2720	022686242e43625ed0d01d3bfa24bc9e.exe	27
PID 2720 wrote to memory of 2796	2720	022686242e43625ed0d01d3bfa24bc9e.exe	27
PID 2720 wrote to memory of 2796	2720	022686242e43625ed0d01d3bfa24bc9e.exe	27
PID 2720 wrote to memory of 2796	2720	022686242e43625ed0d01d3bfa24bc9e.exe	27

C:\Users\Admin\AppData\Local\Temp\022686242e43625ed0d01d3bfa24bc9e.exe
"C:\Users\Admin\AppData\Local\Temp\022686242e43625ed0d01d3bfa24bc9e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 36
  2⤵
  - Program crash
  PID:2796