e43624ca6ffe1818f1646e4f3cef5c67f40211719dc25c99bdc247c26ef4ce9b

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 03:48 UTC

Target

0d6c1e53bc908df9a0382f4131bf8666.exe
Size

429KB
MD5

0d6c1e53bc908df9a0382f4131bf8666
SHA1

7d322d4aac3ae647a73ad034a6a013588678c863
SHA256

e43624ca6ffe1818f1646e4f3cef5c67f40211719dc25c99bdc247c26ef4ce9b
SHA512

fedc8c498fc04d548d45da0977234dde1bc41682779babefd0cd96b1f267d63f70fd66223863c3fdc92578c10a21fb74180ace68255cc84aa14617d91c5ce489
SSDEEP

12288:BCTPFRnysHt5Nww3E3NO7wuI2ttwLZnZM2hJbc7Tp3iKAq+z:AFRnysNbwQEdjH2jwZ/fofpQq+z

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
936	1960	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 936	1960	0d6c1e53bc908df9a0382f4131bf8666.exe	28
PID 1960 wrote to memory of 936	1960	0d6c1e53bc908df9a0382f4131bf8666.exe	28
PID 1960 wrote to memory of 936	1960	0d6c1e53bc908df9a0382f4131bf8666.exe	28
PID 1960 wrote to memory of 936	1960	0d6c1e53bc908df9a0382f4131bf8666.exe	28

C:\Users\Admin\AppData\Local\Temp\0d6c1e53bc908df9a0382f4131bf8666.exe
"C:\Users\Admin\AppData\Local\Temp\0d6c1e53bc908df9a0382f4131bf8666.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 88
  2⤵
  - Program crash
  PID:936