57ca6e9274725eb3a67a890366a2d94b9c660302be05961e12fa25dd1302fc63

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:26

Target

0b9f199a9c215c6e3a9c44ad7839cc8d.exe
Size

381KB
MD5

0b9f199a9c215c6e3a9c44ad7839cc8d
SHA1

a4f427e217048484f793b9bd2da72e005c602c76
SHA256

57ca6e9274725eb3a67a890366a2d94b9c660302be05961e12fa25dd1302fc63
SHA512

55614f51a660953106454c7e55ae51beafe0c333a9294965ac4bc390ccd3454ead94f3f9beecad7bd9810ddae4a153f10ddc061b97b3bd460ef8ff5b2ec9ceae
SSDEEP

6144:0ZKlg1Vlhw/aAa1Zg30ZTNWSG6/7aDqWCn54YqcDe/5pXsGKLu8NKuPNcRSZ:020VlhganzrWSG6zzWC5kcDextmxKsNj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3012	2880	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 3012	2880	0b9f199a9c215c6e3a9c44ad7839cc8d.exe	28
PID 2880 wrote to memory of 3012	2880	0b9f199a9c215c6e3a9c44ad7839cc8d.exe	28
PID 2880 wrote to memory of 3012	2880	0b9f199a9c215c6e3a9c44ad7839cc8d.exe	28
PID 2880 wrote to memory of 3012	2880	0b9f199a9c215c6e3a9c44ad7839cc8d.exe	28

C:\Users\Admin\AppData\Local\Temp\0b9f199a9c215c6e3a9c44ad7839cc8d.exe
"C:\Users\Admin\AppData\Local\Temp\0b9f199a9c215c6e3a9c44ad7839cc8d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 164
  2⤵
  - Program crash
  PID:3012

memory/2880-0-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download