6fddbe5e6732a593fbdbdb0bd97b30c3f19bbd78edfd28a9b3300bfb00626673

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 21:24

Target

0462c61c5d16bfabc2d6264c1ae2e8d4.exe
Size

32KB
MD5

0462c61c5d16bfabc2d6264c1ae2e8d4
SHA1

17de5ea1b7646ae3a8466015f18e7c1e3cb853f0
SHA256

6fddbe5e6732a593fbdbdb0bd97b30c3f19bbd78edfd28a9b3300bfb00626673
SHA512

70898d30e0d375aac3fbeb4d96c684609378f47225dbbf95e9e8e6b5f3b9d1d9a7951e3d05cd096e00f2b1069c7ac8adfcf8630e214d87f465badcceaa778b10
SSDEEP

384:2N80f7Fz45a4jSGsIaLzPxOkylXVB3gmWmx0t2oB96Rda+N4yFM:s8speCDydVB3Jjx0Bqda0RM

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2076	2212	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2076	2212	0462c61c5d16bfabc2d6264c1ae2e8d4.exe	28
PID 2212 wrote to memory of 2076	2212	0462c61c5d16bfabc2d6264c1ae2e8d4.exe	28
PID 2212 wrote to memory of 2076	2212	0462c61c5d16bfabc2d6264c1ae2e8d4.exe	28
PID 2212 wrote to memory of 2076	2212	0462c61c5d16bfabc2d6264c1ae2e8d4.exe	28

C:\Users\Admin\AppData\Local\Temp\0462c61c5d16bfabc2d6264c1ae2e8d4.exe
"C:\Users\Admin\AppData\Local\Temp\0462c61c5d16bfabc2d6264c1ae2e8d4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 88
  2⤵
  - Program crash
  PID:2076

memory/2212-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download