3a2f4dd6d72afba85d8897deb6777abd10f31667020162d524b43d760b858106

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 23:08

Target

1f7c1897bdb09b24e7dce00f3a2ed78e.exe
Size

60KB
MD5

1f7c1897bdb09b24e7dce00f3a2ed78e
SHA1

9d3b4d69f02b9b7d0c1fa11260ff192ff6d052cc
SHA256

3a2f4dd6d72afba85d8897deb6777abd10f31667020162d524b43d760b858106
SHA512

4257228ce0ec8f05db01c620d43a7b8174e5a5fac04f26b476d0c34e9dfca160d3b84e1991d6e19d6f3e9bc5d58a7fca1293cdb055055b67c8e9e296fe1e7df1
SSDEEP

768:2eD40cA2OHGOAEsIdyEgIyZ2JbbBY8pqRMMVGpaj6c5Q+TLibaGn4LXx:NDP3G0kEH/ZdY8QaMAaj6mQwWaGn49

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1736	620	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 620 wrote to memory of 1736	620	1f7c1897bdb09b24e7dce00f3a2ed78e.exe	28
PID 620 wrote to memory of 1736	620	1f7c1897bdb09b24e7dce00f3a2ed78e.exe	28
PID 620 wrote to memory of 1736	620	1f7c1897bdb09b24e7dce00f3a2ed78e.exe	28
PID 620 wrote to memory of 1736	620	1f7c1897bdb09b24e7dce00f3a2ed78e.exe	28

C:\Users\Admin\AppData\Local\Temp\1f7c1897bdb09b24e7dce00f3a2ed78e.exe
"C:\Users\Admin\AppData\Local\Temp\1f7c1897bdb09b24e7dce00f3a2ed78e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:620
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 44
  2⤵
  - Program crash
  PID:1736

memory/620-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/620-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/620-2-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/620-3-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download