9d9307b6134da313afe5cc715a5f30d0d622a384549622458de73a14e240b775

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 00:39

Target

08ca8d5e278108dcd9e037f408454ccb.exe
Size

10KB
MD5

08ca8d5e278108dcd9e037f408454ccb
SHA1

835f55a9ac47f8784ae1e162feca73faacc3ab1f
SHA256

9d9307b6134da313afe5cc715a5f30d0d622a384549622458de73a14e240b775
SHA512

96a109caf21a56cdeb77ac65ccdaa48ddb0f828dbc6665a0a8399d9932b34c8a575f880840ca21792875953a999c7880a904f4b03238354635fcceb48ffcb9e3
SSDEEP

192:tlS7L41yC1aBTFP4HI65e7gqPpAQbj8AL4AL/+fJt+a7:tlSf2o6+gMpAIj8AL4Aja

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2332	1984	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2332	1984	08ca8d5e278108dcd9e037f408454ccb.exe	28
PID 1984 wrote to memory of 2332	1984	08ca8d5e278108dcd9e037f408454ccb.exe	28
PID 1984 wrote to memory of 2332	1984	08ca8d5e278108dcd9e037f408454ccb.exe	28
PID 1984 wrote to memory of 2332	1984	08ca8d5e278108dcd9e037f408454ccb.exe	28

C:\Users\Admin\AppData\Local\Temp\08ca8d5e278108dcd9e037f408454ccb.exe
"C:\Users\Admin\AppData\Local\Temp\08ca8d5e278108dcd9e037f408454ccb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 44
  2⤵
  - Program crash
  PID:2332