42aa9504b54f3c0568c1f7d5708391761e0602b3ee014ebc8c5f8edaffbfa663

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 20:00

Target

027a6a2b40b4326c186c2e95309791da.exe
Size

323KB
MD5

027a6a2b40b4326c186c2e95309791da
SHA1

ce0303896b58623afbff471adc208e69a1aa7619
SHA256

42aa9504b54f3c0568c1f7d5708391761e0602b3ee014ebc8c5f8edaffbfa663
SHA512

05deca9251120ce497be3347d0604ab93923cf15653ada3e86fa4ec03d9cdb54dff305c92bc781abacdbcb950ce31f5ab7623373d9f5b880c7d362d839c38774
SSDEEP

6144:uJttw4JBk4Sicm7MuFgoDUIOPAzufwgJK6COU5JjS2PcjsQW5Ss:YJa4HMOYIOPAYW5Jeyzz

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2500	1128	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 2500	1128	027a6a2b40b4326c186c2e95309791da.exe	28
PID 1128 wrote to memory of 2500	1128	027a6a2b40b4326c186c2e95309791da.exe	28
PID 1128 wrote to memory of 2500	1128	027a6a2b40b4326c186c2e95309791da.exe	28
PID 1128 wrote to memory of 2500	1128	027a6a2b40b4326c186c2e95309791da.exe	28

C:\Users\Admin\AppData\Local\Temp\027a6a2b40b4326c186c2e95309791da.exe
"C:\Users\Admin\AppData\Local\Temp\027a6a2b40b4326c186c2e95309791da.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 48
  2⤵
  - Program crash
  PID:2500

memory/1128-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1128-1-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download