32b943af6219745f1cc834644627778fa7091205bc1283599f8ee962fc3e7aa5

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 03:56

Target

0d9f7089b0fa991a9d9563e4870ea681.exe
Size

194KB
MD5

0d9f7089b0fa991a9d9563e4870ea681
SHA1

f33f250fb9beec535a76ddfa985f09338fc9a5fc
SHA256

32b943af6219745f1cc834644627778fa7091205bc1283599f8ee962fc3e7aa5
SHA512

3387de2005a35e12c6dbe3f60d9003635fc35025aefe4986c589fb258f30ac89b74976208b47b625da5871b57b3431fa864c512e0d5a7ee7ed51e1a0b1bd5cb2
SSDEEP

3072:x58A9locSzlU1TAjQXVOAGmzJzB7QE+kqxA6u67/NCU2VKXflY9JKwFl+rln:gAZUlUrsCzJ+kqxJT78wY9J0hn

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
1728	2256	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 1728	2256	0d9f7089b0fa991a9d9563e4870ea681.exe	17
PID 2256 wrote to memory of 1728	2256	0d9f7089b0fa991a9d9563e4870ea681.exe	17
PID 2256 wrote to memory of 1728	2256	0d9f7089b0fa991a9d9563e4870ea681.exe	17
PID 2256 wrote to memory of 1728	2256	0d9f7089b0fa991a9d9563e4870ea681.exe	17

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 36
1⤵
- Program crash
PID:1728

C:\Users\Admin\AppData\Local\Temp\0d9f7089b0fa991a9d9563e4870ea681.exe
"C:\Users\Admin\AppData\Local\Temp\0d9f7089b0fa991a9d9563e4870ea681.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2256

memory/2256-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download