20b9fe138a72a452cddc531aacdf82fffb0c9b7cb32bf6c9aa4e54c69a07e68a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 22:13

Target

1e1d8dcfac9400f85a6df1e51a6198b4.exe
Size

312KB
MD5

1e1d8dcfac9400f85a6df1e51a6198b4
SHA1

498cec29405416ef669540f128e77886f804b559
SHA256

20b9fe138a72a452cddc531aacdf82fffb0c9b7cb32bf6c9aa4e54c69a07e68a
SHA512

912ff7a0fdacf70715b3ffb514c850772a33c7d69126b1f734c0e91c1dbad21ac13c5660635fd748edea38cc6be7f2370ff57b051bf939923a2bc6102e66daf6
SSDEEP

6144:ghNP6kBrHjX6Gc75o9ZO9tp4WCDS/eTAj0fPbKO:g7NBrLK5IO9tpY6eTAwfP2O

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
864	2724	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 864	2724	1e1d8dcfac9400f85a6df1e51a6198b4.exe	16
PID 2724 wrote to memory of 864	2724	1e1d8dcfac9400f85a6df1e51a6198b4.exe	16
PID 2724 wrote to memory of 864	2724	1e1d8dcfac9400f85a6df1e51a6198b4.exe	16
PID 2724 wrote to memory of 864	2724	1e1d8dcfac9400f85a6df1e51a6198b4.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 96
1⤵
- Program crash
PID:864

C:\Users\Admin\AppData\Local\Temp\1e1d8dcfac9400f85a6df1e51a6198b4.exe
"C:\Users\Admin\AppData\Local\Temp\1e1d8dcfac9400f85a6df1e51a6198b4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2724