fabd1f9f14da64f1879a78f97088ae1279ef7da962b991d39c635006c0d7a4ed

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 01:19

Target

09df8e6ee88e245f8680b5c3d5ce669a.exe
Size

56KB
MD5

09df8e6ee88e245f8680b5c3d5ce669a
SHA1

b67efbd1824154be8efeeefd08b01d9955a52c6a
SHA256

fabd1f9f14da64f1879a78f97088ae1279ef7da962b991d39c635006c0d7a4ed
SHA512

10f07de5e664114016d8471de6d1558bd3846b2e676a060864f23d5e5129c26779730c7d051ec290653f62fae27f0efb5e0d4e55807f7af767db23c528c354ee
SSDEEP

768:/Pv+5OvlMAOuuv8X6bYbtwtHOjZo/RRPDpX/2V/aj/8vNaRdJL+YjRiNPh1/1H5g:/u5OyArO8KbMkpvhjkvNwdJL5Qrs

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2636	1948	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2636	1948	09df8e6ee88e245f8680b5c3d5ce669a.exe	28
PID 1948 wrote to memory of 2636	1948	09df8e6ee88e245f8680b5c3d5ce669a.exe	28
PID 1948 wrote to memory of 2636	1948	09df8e6ee88e245f8680b5c3d5ce669a.exe	28
PID 1948 wrote to memory of 2636	1948	09df8e6ee88e245f8680b5c3d5ce669a.exe	28

C:\Users\Admin\AppData\Local\Temp\09df8e6ee88e245f8680b5c3d5ce669a.exe
"C:\Users\Admin\AppData\Local\Temp\09df8e6ee88e245f8680b5c3d5ce669a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 140
  2⤵
  - Program crash
  PID:2636

memory/1948-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1948-1-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download