58d74b0b9070e842c61e397e59e6b59181b9e0c8f2a27ca614b1b9ddedcab0fd

Analysis

max time kernel
143s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 00:56

Target

093f549775b123c758b0b630439f0e27.exe
Size

168KB
MD5

093f549775b123c758b0b630439f0e27
SHA1

24ad93fb14503f86f59fd3258bac7f6d9848ac15
SHA256

58d74b0b9070e842c61e397e59e6b59181b9e0c8f2a27ca614b1b9ddedcab0fd
SHA512

ee672a6e074ff5116a03e60cb0e8043a3e73cdad2daf83e386154c2d35bb74c424403bbc728362f405318ee70cf9aef50e912710449c3a08dd2dffd302497c35
SSDEEP

3072:nLC2sZyu0oHXdUdvtFeEhIrufU3tqgBma7b9Tfr/DuYUH:LC2sz0IXdKvGEhKg5aftziY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2012	2060	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2012	2060	093f549775b123c758b0b630439f0e27.exe	28
PID 2060 wrote to memory of 2012	2060	093f549775b123c758b0b630439f0e27.exe	28
PID 2060 wrote to memory of 2012	2060	093f549775b123c758b0b630439f0e27.exe	28
PID 2060 wrote to memory of 2012	2060	093f549775b123c758b0b630439f0e27.exe	28

C:\Users\Admin\AppData\Local\Temp\093f549775b123c758b0b630439f0e27.exe
"C:\Users\Admin\AppData\Local\Temp\093f549775b123c758b0b630439f0e27.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 36
  2⤵
  - Program crash
  PID:2012

memory/2060-3-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2060-1-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2060-4-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download