48a2661a6fe4ea1f0ef046d15533ae805c22f7dfc2fe5dbe53ce3a27848c4f30

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:13

Target

0b492fad03cba355cc236a0dab0b4794.exe
Size

430KB
MD5

0b492fad03cba355cc236a0dab0b4794
SHA1

a4fba108bdc753dae8ea46b55d7e5798bd41fb79
SHA256

48a2661a6fe4ea1f0ef046d15533ae805c22f7dfc2fe5dbe53ce3a27848c4f30
SHA512

27f34d667adb683f0e1516585fe9d319bd08598ef3c428cfd378bdd87e8694f1cd091eb5231457d162f0c9d45042586eea00b231e6abbd6d9d0e479e69076227
SSDEEP

6144:Ulsy4TNbEm1B1zzqaCh9Ju/2x+vw0b8ajNglS2+gUXpP9YC4r:UdwNIm1B1zzqrh9Jf+btwSfgUnBI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2248	3052	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 2248	3052	0b492fad03cba355cc236a0dab0b4794.exe	27
PID 3052 wrote to memory of 2248	3052	0b492fad03cba355cc236a0dab0b4794.exe	27
PID 3052 wrote to memory of 2248	3052	0b492fad03cba355cc236a0dab0b4794.exe	27
PID 3052 wrote to memory of 2248	3052	0b492fad03cba355cc236a0dab0b4794.exe	27

C:\Users\Admin\AppData\Local\Temp\0b492fad03cba355cc236a0dab0b4794.exe
"C:\Users\Admin\AppData\Local\Temp\0b492fad03cba355cc236a0dab0b4794.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 116
  2⤵
  - Program crash
  PID:2248

memory/3052-0-0x0000000000A80000-0x0000000000AF0000-memory.dmp

Filesize
448KB

Download