53684bdcc56108ddbdcb9533411b44ec0eac752858a65129bbaef23fba530053

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 20:59

Target

03db20807083e251ad855cbaafbd69c5.exe
Size

916KB
MD5

03db20807083e251ad855cbaafbd69c5
SHA1

87de4558aac1ae503e708bd1e10e2f480f661709
SHA256

53684bdcc56108ddbdcb9533411b44ec0eac752858a65129bbaef23fba530053
SHA512

7001dd4ccac721903e8cfdbcb06b7ecf27f38c39dfd8770eb8024f60c80eac2bf4a0f179d9ed09ab871b140bd99c56e19b04a9e804e94748354cb91000d74f34
SSDEEP

24576:9kNz8cS/d3YK64JWn4qJznsiMeZic6LvqC:WjK64JC4qJLsXezm

Score

9^/10

CustAttr .NET packer 1 IoCs

Detects CustAttr .NET packer in memory.

resource	yara_rule
behavioral1/memory/840-3-0x00000000002D0000-0x00000000002E2000-memory.dmp	CustAttr

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2684	840	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 2684	840	03db20807083e251ad855cbaafbd69c5.exe	28
PID 840 wrote to memory of 2684	840	03db20807083e251ad855cbaafbd69c5.exe	28
PID 840 wrote to memory of 2684	840	03db20807083e251ad855cbaafbd69c5.exe	28
PID 840 wrote to memory of 2684	840	03db20807083e251ad855cbaafbd69c5.exe	28

C:\Users\Admin\AppData\Local\Temp\03db20807083e251ad855cbaafbd69c5.exe
"C:\Users\Admin\AppData\Local\Temp\03db20807083e251ad855cbaafbd69c5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 684
  2⤵
  - Program crash
  PID:2684

memory/840-0-0x00000000008F0000-0x00000000009DC000-memory.dmp

Filesize
944KB

Download
memory/840-1-0x0000000074470000-0x0000000074B5E000-memory.dmp

Filesize
6.9MB

Download
memory/840-2-0x0000000004A90000-0x0000000004AD0000-memory.dmp

Filesize
256KB

Download
memory/840-3-0x00000000002D0000-0x00000000002E2000-memory.dmp

Filesize
72KB

Download
memory/840-4-0x0000000074470000-0x0000000074B5E000-memory.dmp

Filesize
6.9MB

Download
memory/840-5-0x0000000004A90000-0x0000000004AD0000-memory.dmp

Filesize
256KB

Download
memory/840-6-0x0000000005750000-0x00000000057D0000-memory.dmp

Filesize
512KB

Download