e293b9363f1d9e95befc1140da44c661df509082c65bae6b74cf0952e65a7fcf

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 00:26

Target

0882a0f0836858fd0beda45cfec8ca22.exe
Size

26KB
MD5

0882a0f0836858fd0beda45cfec8ca22
SHA1

d3c913171091b1e9ae2abf53dd92717316b188a3
SHA256

e293b9363f1d9e95befc1140da44c661df509082c65bae6b74cf0952e65a7fcf
SHA512

a95d5df414e1a9b7c4ce9240524c645cf216c891332d9ade560180d2827726cf177e8c949663a6066ffc1c151122602cf6897f8d0ca5b7543a31e5d2fd51af5d
SSDEEP

384:lWya4GFawiJP5qaguhfxp/z5zRNZ5tt5dTMX9R0M9YzGHEVAkzsuvWHwgT1W:lWlRaltgatdTRTozJ9fSAksHwgE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2324	1048	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 2324	1048	0882a0f0836858fd0beda45cfec8ca22.exe	14
PID 1048 wrote to memory of 2324	1048	0882a0f0836858fd0beda45cfec8ca22.exe	14
PID 1048 wrote to memory of 2324	1048	0882a0f0836858fd0beda45cfec8ca22.exe	14
PID 1048 wrote to memory of 2324	1048	0882a0f0836858fd0beda45cfec8ca22.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 116
1⤵
- Program crash
PID:2324

C:\Users\Admin\AppData\Local\Temp\0882a0f0836858fd0beda45cfec8ca22.exe
"C:\Users\Admin\AppData\Local\Temp\0882a0f0836858fd0beda45cfec8ca22.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1048

memory/1048-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download