1324e7cd3df0b2787189679492b145d416283c94d150577782bf10648586e069

Analysis

max time kernel
189s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 01:44

Target

0a7f9011db3b59662087315af5a563c1.exe
Size

65KB
MD5

0a7f9011db3b59662087315af5a563c1
SHA1

17d2f0375a670189b1dd45c724e59bbc3011113c
SHA256

1324e7cd3df0b2787189679492b145d416283c94d150577782bf10648586e069
SHA512

735ee0791daea0bd5637f61a13ecf8e85ea25669faccab342939a4edcaad1b07ef9f4c76ca8cde3508f4789344afc567d84eee35aa9fa06428a0eb9a50ab2db9
SSDEEP

1536:61q+02gekS1BKF61yqX+Y8ef7X5CtdHySp5GZdZcLOJCfeDx:6w+RgekSnsqXX8I7XmdFXGZdavfe1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2520	2420	WerFault.exe	24

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2520	2420	0a7f9011db3b59662087315af5a563c1.exe	29
PID 2420 wrote to memory of 2520	2420	0a7f9011db3b59662087315af5a563c1.exe	29
PID 2420 wrote to memory of 2520	2420	0a7f9011db3b59662087315af5a563c1.exe	29
PID 2420 wrote to memory of 2520	2420	0a7f9011db3b59662087315af5a563c1.exe	29

C:\Users\Admin\AppData\Local\Temp\0a7f9011db3b59662087315af5a563c1.exe
"C:\Users\Admin\AppData\Local\Temp\0a7f9011db3b59662087315af5a563c1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 140
  2⤵
  - Program crash
  PID:2520

memory/2420-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2420-1-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download