d9f108999c536eee300a1de8e05f7bd7d1f8af32acb255f96303c8516a2f5b46

Analysis

max time kernel
122s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 02:27

Target

0ba3ba35bb0ffe1a473a1182eb6810b7.exe
Size

298KB
MD5

0ba3ba35bb0ffe1a473a1182eb6810b7
SHA1

51f6be165c4e0171633ef45f416184f09f092f5a
SHA256

d9f108999c536eee300a1de8e05f7bd7d1f8af32acb255f96303c8516a2f5b46
SHA512

c9439961e8853f03a40810746fe7567d00ce666c7c58c33dbdb4a3959cc72fa00ac0c483876023103521b75e2787a6f6ca9a3e3f37a70de35b5904b0c414b1dd
SSDEEP

6144:yCRmcObhcgTh5wb4FX6Asn6DZ1EVJnzTF:fRmcOtckXHsn6Z63HF

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2856	1992	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2856	1992	0ba3ba35bb0ffe1a473a1182eb6810b7.exe	28
PID 1992 wrote to memory of 2856	1992	0ba3ba35bb0ffe1a473a1182eb6810b7.exe	28
PID 1992 wrote to memory of 2856	1992	0ba3ba35bb0ffe1a473a1182eb6810b7.exe	28
PID 1992 wrote to memory of 2856	1992	0ba3ba35bb0ffe1a473a1182eb6810b7.exe	28

C:\Users\Admin\AppData\Local\Temp\0ba3ba35bb0ffe1a473a1182eb6810b7.exe
"C:\Users\Admin\AppData\Local\Temp\0ba3ba35bb0ffe1a473a1182eb6810b7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 588
  2⤵
  - Program crash
  PID:2856

memory/1992-0-0x0000000000D80000-0x0000000000DD0000-memory.dmp

Filesize
320KB

Download
memory/1992-1-0x0000000074C70000-0x000000007535E000-memory.dmp

Filesize
6.9MB

Download
memory/1992-2-0x00000000045A0000-0x000000000463E000-memory.dmp

Filesize
632KB

Download
memory/1992-3-0x00000000003B0000-0x00000000003F0000-memory.dmp

Filesize
256KB

Download
memory/1992-4-0x0000000074C70000-0x000000007535E000-memory.dmp

Filesize
6.9MB

Download
memory/1992-5-0x00000000003B0000-0x00000000003F0000-memory.dmp

Filesize
256KB

Download